
Thread: scanning...

  1. #1
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    1


    hey, hi, hello... ->my first post, sorry.

    executing exploits and all that jazz is great fun, but the thing i have most difficulty with is, scanning/searching ... basically just finding something my test box is vulnerable to...

    it's gotten to a point where... i'll watch people executing an exploit, copy it, say well that looks cool... but really ... "i wish i could have thought of something that would work... "

    anyway, i'll be online for a while, poking around, if anyone could help me out that would be great.

  2. #2
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008


    executing exploits and all that jazz is great fun, but the thing i have most difficulty with is, scanning/searching ... basically just finding something my test box is vulnerable to...

    Welcome to the forum and hope you will enjoy your stay. I am not 100% sure what your question is in this post, or even if you are asking anything at all. However, it does seem that you want some information on how you can find services that are vulnerable. First of all, there are countless vulnerability scanners out there, and quite a few included in BT by default as well.

    My personal suggestion would be for you to start with getting familiar with nmap and its OS/service detection capabilities. The first step to figuring out if there are any vulnerable services on your box is naturally to determine which services are actually running. Check for outdated and exploitable software and/or unpatched operating systems.

    My personal favourite when it comes to vulnerability scanners is Nessus. This program is not installed by default on BT, as Tenable did not allow it to be distributed in this manner. It is, however, completely free, and there are some good tutorials on how to install it on BT on the forum. This program will automatically scan for several known vulnerabilities, and the reports can be exported in both html and nbe format, the latter of which can be easily imported into Metasploit's db_autopwn function.
    -Monkeys are like nature's humans.

  3. #3
    Member webtrol
    Join Date
    Jan 2010
    Posts
    113


    If your test server is not connected directly to the net ...proceed further, otherwise do not. It is a good idea to keep it off the net or behind some nice wall-o-router (presently I use ipcop for this - it seems to be n00b tested, as it works well for me).

    Now, once you scan your server and find nothing, then (on the test server, not your server with all the info you don't want to risk) start opening services (you know you need that SSH, and Apache, and MySQL, etc.). Now rescan and you should find more. If you really want to find some vulnerabilities to practice on, look up the De-ICE CD.

    It is great to SCAN from within your network and then from outside the firewall (make sure you always target only the system you own, unless you like prison food....) to compare the results.

    Good luck.
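    The inside-vs-outside comparison suggested in the last two posts, as an added example that is not part of the thread or of nmap itself: it parses nmap's grepable (-oG) output from two scans of the same lab box and reports which open services the firewall actually exposes, which it hides, and which show up only from outside. The scan text, the addresses (192.168.1.10 inside, 203.0.113.10 outside) and the service version strings are constructed sample data, not real scan results.

```python
import re

# Constructed sample nmap grepable (-oG) output, not a real scan: the same lab
# host scanned with -sV from inside the LAN and then from outside the firewall.
# Each port entry in nmap's -oG layout is port/state/proto/owner/service/rpcinfo/version/
INSIDE_SCAN = """\
# Nmap scan initiated as: nmap -sV -oG inside.gnmap 192.168.1.10
Host: 192.168.1.10 (testbox)\tStatus: Up
Host: 192.168.1.10 (testbox)\tPorts: 22/open/tcp//ssh//OpenSSH 4.7p1/, 80/open/tcp//http//Apache httpd 2.2.8/, 3306/open/tcp//mysql//MySQL 5.0.51a/\tIgnored State: closed (997)
"""
OUTSIDE_SCAN = """\
# Nmap scan initiated as: nmap -sV -oG outside.gnmap 203.0.113.10
Host: 203.0.113.10 ()\tStatus: Up
Host: 203.0.113.10 ()\tPorts: 80/open/tcp//http//Apache httpd 2.2.8/\tIgnored State: filtered (999)
"""

PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")


def parse_gnmap(text):
    """Map host -> {(port, proto): (service, version)} for open ports only."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comment lines and the 'Status: Up' line carry no ports
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for port, state, proto, _owner, service, _rpc, version in PORT_RE.findall(ports_field):
            if state == "open":
                hosts.setdefault(host, {})[(int(port), proto)] = (service, version)
    return hosts


def compare_scans(inside, outside):
    """Split one host's open ports by what the firewall does with them.

    inside/outside are the per-host dicts from parse_gnmap.  'exposed' is what an
    outsider can reach (check those versions against vendor advisories first),
    'filtered' is open on the box but blocked, and 'unexpected' is reachable from
    outside without being open on the box (e.g. the router's own services)."""
    return {
        "exposed": sorted(k for k in outside if k in inside),
        "filtered": sorted(k for k in inside if k not in outside),
        "unexpected": sorted(k for k in outside if k not in inside),
    }


if __name__ == "__main__":
    inside = parse_gnmap(INSIDE_SCAN)["192.168.1.10"]
    outside = parse_gnmap(OUTSIDE_SCAN)["203.0.113.10"]
    for label, keys in compare_scans(inside, outside).items():
        for port, proto in keys:
            svc, ver = (inside if label == "filtered" else outside)[(port, proto)]
            print(f"{label:10s} {port}/{proto} {svc} {ver}")
```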
