Re: Pen-Testing New Server - Where to start?

HI,
there is a framework for penetration testing.which you can get at http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html read it and follow the steps.
REgards,

On Nov 14, 2007 2:26 AM, Security <security@gridrunners.com> wrote:
> Hi, I'm new to the InfoSec industry and would like to try my hand at
> penetration-testing (and securing) a new server I've set up at home.
>
> Seeing as I've set up the system, I know all the usernames/passwords
> used on the box, as well as how everything is set up, but I'd like to
> approach this as an outside user, pretending that I have none of this
> information. I want to try to gather information, form an attack plan,
> and attempt to crack the system from scratch, so that I can later on go
> back and secure the system against those attacks.
>
> Here's the information I can assume I'd know, from basic enumeration:
>
> The server is running Ubuntu v6.06, with the following services:
> ftp
> http (apache)
> smtp
> pop3
> irc (hybrid)
> ssh
>
> When setting up the system, I followed the following tutorial (almost to
> a T... though I did a few things different):
>
> http://www.howtoforge.com/perfect_setup_ubuntu_6.06
>
> Since the system is on my local network, I know there's only one IP I've
> got to worry about, and this is the only target machine.
>
> Any ideas where I should start? What information might help?
>
> Thanks.
>
> ~Xor
>
-- advertise on secgeeks? http://secgeeks.com/Advertising_on_Secgeeks.com http://newskicks.com

• This message: [ Message body ]
• Next message: Eric White: "RE: How to Test HDD Encryption"
• Previous message: jfvanmeter_at_nospam: "Re: How to Test HDD Encryption"
• In reply to: Security: "Pen-Testing New Server - Where to start?"
• Next in thread: theosdguy_at_nospam: "Re: Pen-Testing New Server - Where to start?"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]