| To: | pen-test@securityfocus.com |
|---|---|
| Subject: | Cross testing exploit with vulnerability scan results |
| From: | Chroot <chrooted@gmail.com> |
| Date: | Fri, 27 Jul 2007 17:55:30 +0530 |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | pentest-list2@consult.net |
| Delivered-to: | mailing list pen-test@securityfocus.com |
| Delivered-to: | moderator for pen-test@securityfocus.com |
| Dkim-signature: | a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=i/4jFjt7s9W/appCnlNzxSKYpRYPbfoR9b6onu7gfwlyfqEcmyla+bsNieTqKiPgrmbkX145w8wrSFJNxlaGNVEtA0Jf3WzCbBzijfO2sIKDIWGJ0pconwNa4WLz8uHMrTm8Gr/0ekBDtBEaEu4ZQycQ7NSbG/nMzWFB/m9/K9Y= |
| Domainkey-signature: | a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=WNoAKEIsdYOnWfSTsRalKNBNtCoK97h5JWX8YNdoak6l7U1kmmZMKp/5Cb/P1pwVstuJJPZFf8/P9AeyanCYzcSXHLM6513DD5eN+7Tn0lWV9VLGB13aH3gyglQX2gUVEqZDfr4xT8cjxb8/xpRRHwRHAC2uMlpuntPXEODROzg= |
| List-help: | <mailto:pen-test-help@securityfocus.com> |
| List-id: | <pen-test.list-id.securityfocus.com> |
| List-post: | <mailto:pen-test@securityfocus.com> |
| List-subscribe: | <mailto:pen-test-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:pen-test-unsubscribe@securityfocus.com> |
| Mailing-list: | contact pen-test-help@securityfocus.com; run by ezmlm |
| Resent-date: | Fri, 27 Jul 2007 18:04:33 -0600 (MDT) |
| Resent-from: | pen-test-return-1078484712@securityfocus.com |
| Resent-message-id: | <20070728000433.54B33237ACA@outgoing3.securityfocus.com> |
| Resent-sender: | listbounce@securityfocus.com |
| Sender: | listbounce@securityfocus.com |
Hi Fellow testers, I've been conducting pen tests since 4 yrs now... the methodology I follow is that we exploit or attempt to exploit ONLY those vulnerabilities that a vulnerability scanner identifies. What if the appropriate check or signature in the vulnerability scanner was not up to date or had some coding issue or was not comprehensiveness enough (or anything else) to identify a real existing vulnerability on a system. This can result in serious false negatives. Would downloading, installing and cross testing all available exploits for an identified service be a good idea to minimize such a case? How many people have faced such an issue or a similar issue? For me I faced this issue with some bug in Nessus recently. This is something like my NMAP says there is IIS6.0 running on port 443 of a target server. I do a Nessus scan on it and it doesn't report anything. I then download all available exploits for IIS6.0 (or for all version of IIS? would this make sense) from securityfocus.com or securiteam.com or similar source and run it manually on the target system. Eagerly await opinions. THNX ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------ |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Basic facilities required to establish a pen test lab, Gubir |
|---|---|
| Next by Date: | SAS 70, p1g |
| Previous by Thread: | Basic facilities required to establish a pen test lab, Gubir |
| Next by Thread: | Re: Cross testing exploit with vulnerability scan results, John M. Martinelli |
| Indexes: | [Date] [Thread] [Top] [All Lists] |