Results 1 to 3 of 3

Thread: Pentest Report Template...? And a first "real" Pentesting opportunity...

  1. #1
    Junior Member
    Join Date
    Mar 2008
    Posts
    94

    Question Pentest Report Template...? And a first "real" Pentesting opportunity...

    I remember in the past that someone posted a pentest report template to turn into the company of your findings when your have finishedpen testing for the company. Kinda like your results report.

    Does anyone have a professional report template, or could someone point me to it?

    Any one who has read my topic in the Programming thread knows about the Server Password Policy pentesting I did. I want to turn in a report with my findings, to make it look professional.

    ----------------------------------------------------------

    Also there are 2 weeks left of school. Our Linux teacher gave a announcement that he would give 15 points extra credit to anyone who can "Crack, Change or Reset" The root password for his personal Linux box he runs the class off of. I asked him after class if he was serious, he said he was. I know the password is stored in the "shadow" files in the "etc" folder. We connect to the server using SSH and do our homework in our own folder. I don't really need the extra credit, but I thought it was a good opportunity. But so far my google skills have shown that you need PHYSICAL ACCESS to the box to reset it...He has it locked up in his office. And I don't want to try to touch it if I don't have permission. I think we have to do it remotely.

    basically after I found out I don't have write access to the etc folder I gave up.

    Also If i do somehow find a way to do it, ill need that template to report back to him.

    P.S: If needed I could ask him to write out a statment about the extra credit assignment for permission for doing the pentesting. I see him later today.

  2. #2
    Junior Member
    Join Date
    Mar 2008
    Posts
    94

    Default

    Ok, scratch the 2nd part of this post. I was talking with my professor more about doing a MITM Attack with his computer on friday and modifying the SSH server (if i have acess to those folders) to make the server only accept weak SSH-v1 sessions.

    He said dont bother and encouraged me to do something more "productive" with my time like learning python or perl.

    I guess that works....but i do need a pentest report template.

    (I did manage to send a e-mail out to someone)

  3. #3
    Member ColForbin's Avatar
    Join Date
    Jan 2010
    Posts
    93
    "Whatever happened to playing a hunch, Scully? The element of surprise, random acts of unpredictability? If we fail to anticipate the unforeseen or expect the unexpected in a universe of infinite possibilities, we may find ourselves at the mercy of anyone or anything that cannot be programmed, categorized or easily referenced."

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •