Yes, it could take quite awhile. give it at least 5 min. Are you sure the IP is up?
Yes, it could take quite awhile. give it at least 5 min. Are you sure the IP is up?
First - Irongeek - thanks for this post - great stuff.Quote:
What IronGeek has provided is a *very* basic pen test. I'm certain he didn't go on to show the actual technique of compiling, reporting and running the exploit because of liability concerns (rightly so). In a real pen test, there is usually a POC (proof of concept) section where you publish specific details on the actual success rates of known (sometimes unknown) vulnerabilities on the box/device.
Just a suggestion for ya Irongeek. Many folks here have never done a real pen test (some don't even know what that's short for) so you may want to note in your video tut that you are only covering the initial steps of the process, not a complete penetration test.
Second - th13 - do you have information on sources for conducting 'good' pen testing?
Thanks!
I took your advice, gave it about ten minutes, and it did finish.
Now for my Nikto problem. It seems I can only find tarz, which I can't seem to open with windows?
Thanks for your help, as a newbie I found it quite helpful as a beginning point.
I use a Debian based system and just used Apt-get to install it. You may need to compile it yourself. What distro do you use? Also, I assume you found a web server running on the box you scanned?
you cannot use *nix binaries on on XP system w/out some typle of emulation..
the easiest thing is probably run a live linux CD (whoppix/knoppix, SuSe)
Did he say he was on an XP box? I could have missed that. This is the most feed back I've gotten on one of my tuts in quite awhile.
Im using Windows Xp, with SP1. I'm scanning the box that hosts both my webserver and multiple ircds.
I'd see if I could find a Linux boot cd then that has Nikto. If you use the newest version of Knoppix with unionfs you should be able to do an:
apt-get install nikto
and get it.
Will do. Thanks for the help, its greatly appreciated.
Infonomicon TV 5 is out, including Irongeeks PenTest:
http://www.infonomicon.org/video.php