-
July 21st, 2003, 09:59 PM
#1
Junior Member
How do I test vulnerability of a daemon
I have recently installed a Web Server on my PC. I want to test how vulnerable it is. I want to learn how to search for its weaknesses and exploits. I am a complete newbie in this field so I at least need to get started. Thank you.
-
July 21st, 2003, 10:03 PM
#2
start by searching for pre-existing vulnerabilities...
you can do this by searching
>bugtraq (www.securityfocus.com)
>packetstorm (www.packetstormsecurity.com)
>google (www.google.com)
There are also vulnerability scanners. You can always try and find a copy of the source code to your daemon and look for unchecked buffers, et cetera...
yeah, I'm gonna need that by friday...
-
July 21st, 2003, 10:04 PM
#3
A few questions: What OS and http daemon are you running? Do you have any web applications or CGI deployed?
$person!=$kiddie or die("Alas, die you hotmail hacker!!");
SecureVision
-
July 21st, 2003, 10:06 PM
#4
Well I might as well ask, because if I don't someone else will. You are going to have to give us more info.
What OS is the WEB Server installed on?
What kind of WEB Server is it?
What, if any, patches have you applied to both the OS & the WEB Server?
Come on, throw us a bone here mate, we are good, but we don't read minds.
Cheers:
-
July 22nd, 2003, 08:14 AM
#5
Junior Member
I have Win 98 and the http daemon is Abyss Web Server. Its executable is available for free.
The reason why I did not give any specific info is because I wanted a general approach of finding vulnerabilities that I can apply to any OS and daemon.
-
July 22nd, 2003, 09:22 AM
#6
Ok, I have used Abyss web server before (a long time ago). There were vulnerabilities back then. Don't know now. Ok, I will give you a link to a tool that I might get negged for. It is a tool that can be used for both evil and good. Hopefully you will use it for good. It is at http://www.eeye.com/html/Products/Retina/index.html. It is called Retina; there is a free download for trial purposes. Very good security software at www.eeye.com, just be aware that it is pretty expensive to buy the software. Well, it is expensive for my pockets at least. I have seen it being used on Techtv before and it works well. Good luck, let us know if that fits your needs.
-
July 22nd, 2003, 11:25 AM
#7
Re: How do I test vulnerability of a daemon
Originally posted here by niloy
I have recently installed a Web Server on my PC. I want to test how vulnerable it is. I want to learn how to search for its weaknesses and exploits. I am a complete newbie in this field so I at least need to get started. Thank you.
I use a linux product called nessus. I find it very useful for checking the security of my work servers etc. If you want, you can mail me the ip address and I will scan your server and email you the report it produces back.
HTH
Mail me at:
post at stephen-milner dot me dot uk
-
July 22nd, 2003, 11:48 AM
#8
I use a linux product called nessus. I find it very useful for checking the security of my work servers etc.
I will second this (along with almost everyone else here at AO). The only *bad* thing (which isn't necessarily bad) is that you have to run the nessus server on a *nix based machine. They have a front end for nessus on win32 machines, but that will do you no good unless you have the server to connect to. I'd be impressed if you could find a public nessus server to connect to.
If you have a spare machine, I'd suggest loading *nix on it so you can get the feel of the broad range of tools available for both win32 and *nix. It would be well worth it depending on how much you are trying to learn. The best part is that *most* of the tools you get for *nix are free. Most of the good tools for windows are shareware or commercial (though you can still find *some* freeware good tools for win32 that are decent). Just so you know what I mean by broad range... have a look at the "top 75 security tools".
-
July 22nd, 2003, 01:55 PM
#9
abyss brute forcing -> http://packetstorm.linuxsecurity.com...byss.brute.txt
abyss DoS vuln -> http://packetstorm.linuxsecurity.com...oits/abyss.txt
as for windows98, I didn't search for anything. but am aware of its multiple DoS vulnerabilities...
yeah, I'm gonna need that by friday...