|Main Archive Page > Month Archives > security-basics archives|
there is a framework for penetration testing.which you can get at http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html read it and follow the steps.
On Nov 14, 2007 2:26 AM, Security <firstname.lastname@example.org> wrote:
> Hi, I'm new to the InfoSec industry and would like to try my hand at
> penetration-testing (and securing) a new server I've set up at home.
> Seeing as I've set up the system, I know all the usernames/passwords
> used on the box, as well as how everything is set up, but I'd like to
> approach this as an outside user, pretending that I have none of this
> information. I want to try to gather information, form an attack plan,
> and attempt to crack the system from scratch, so that I can later on go
> back and secure the system against those attacks.
> Here's the information I can assume I'd know, from basic enumeration:
> The server is running Ubuntu v6.06, with the following services:
> http (apache)
> irc (hybrid)
> When setting up the system, I followed the following tutorial (almost to
> a T... though I did a few things different):
> Since the system is on my local network, I know there's only one IP I've
> got to worry about, and this is the only target machine.
> Any ideas where I should start? What information might help?
-- advertise on secgeeks? http://secgeeks.com/Advertising_on_Secgeeks.com http://newskicks.com