-
September 19th, 2007, 12:45 PM
#1
Member
Finding which exploit will do the job!!!
Hi,
I have built my security lab and i`m enjoying messing about with it, although iv come to a bit of a problem, I can recognise exploits using nessus, but then how can you find out which exploit is the best to use for this perticular task, obviosly in the real world you cant trial them. Is it a case of just trying them, or googling and finding info on the spoit first???
Thanx
-
September 19th, 2007, 01:32 PM
#2
There is not a great deal of exploits available for individual services. You will usually need to find the type of service and revision number at a minimum, most exploits will also need the OS version and patch state to be of a certain type and at a certain level, others need all of the above and maybe things like a directory, valid login account etc.
Sites like milw0rm offer a searchable index of exploits however be careful as there are some on there that actually attack your machine..
Start off searching for exploits that are used against the service you want to attack, then narrow these down to the ones that work with the revision of your service - more than likely you will only have one or two that are usable - then read the headers of them to find out what additional parameters you need to provide...if you don't have all the info needed, then you will need to do a bit more groundwork against your target to get it.
Last edited by Nokia; September 19th, 2007 at 01:38 PM.
-
September 20th, 2007, 01:29 PM
#3
09:F9:11:02:9D:74:E3:5B 8:41:56:C5:63:56:88:C0
-
September 21st, 2007, 02:59 PM
#4
Similar Threads
-
By Black Cluster in forum Microsoft Security Discussions
Replies: 3
Last Post: October 14th, 2005, 08:44 AM
-
By Tiger Shark in forum Microsoft Security Discussions
Replies: 5
Last Post: January 14th, 2005, 08:47 PM
-
By enjoy_lovelife in forum Miscellaneous Security Discussions
Replies: 2
Last Post: August 7th, 2002, 11:47 AM
-
By ntsa in forum The Security Tutorials Forum
Replies: 3
Last Post: July 21st, 2002, 04:00 PM
-
By Montezuma in forum Microsoft Security Discussions
Replies: 5
Last Post: March 29th, 2002, 02:16 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|