Penetration Testing (pen-test) Mailing List

Re: How do VA scans work technically

Sat, 19 Jul 2008 14:33:52 +0300

Posted by Zed Qyves on Jul 19

hello,
Last time i checked nmap -sV was doing what ask as well as amap (or
vmap - i have a bad memory ).

Best regards,
Z

On 7/9/08, Aseem Kumar <kumaraseem_at_gmail.com> wrote:
> Hi,
>
> Thanks for all the gr8 replies.
>
> Showing of already remediated...

VoIP Attacks

Fri, 18 Jul 2008 23:49:23 +0200

Posted by contebral_at_web.de on Jul 18

Hello Folks,

Classical Attacks vectors against VoIP like SPIT (VOIP SPAM) and VoIP
Phishing are well known and documented. i'm curious if there exists
other client side attacks against voip that may compromise confidential
calls e.g. Telephon Banking or similar applications.

THX

How to get the list of domain admins

Fri, 18 Jul 2008 15:22:47 +1000

Posted by Shankar Arjunan on Jul 18

Hi all,

Can anyone tell me how to get list of users who are having domain admin
rights in a domain. I vaguely remember using it through command line
utility net use or net localgroup ..

Thanks in advance
Shankar

------------------------------------------------------------------------
...

Moderator Vacation and pen-test list submissions

Thu, 17 Jul 2008 16:57:29 -0700

Posted by Erin Carroll on Jul 17

All,

Pete Herzog's recent email about security vacations reminds me...

I will be on vacation from 7/18 - 7/27. While I will occasionally check
email for submissions, please be aware that response time may be slow and
your pen-test list submissions may time out or not go through. It really
...

Security Vacation Guide

Thu, 17 Jul 2008 23:37:12 +0200

Posted by Pete Herzog on Jul 17

Hi,

We're feeling summer pretty hard here at ISECOM and thought
summer/hacking/vacation - so we put it all together. So we made a security
vacation guide! Based on all that stuff we hackers loop about when we
worry about our stuff! So ISECOM presents: the Home Security Methodology
Vacation...

OSSTMM 3.0 LITE

Thu, 17 Jul 2008 19:04:49 +0200

Posted by Pete Herzog on Jul 17

Hi,

We have created OSSTMM 3.0 LITE for the DefCon attendees. It is a smaller,
simpler version of the OSSTMM 3.0 but does include the Data Networking
tests as well as instructions on how to use it. We will release it
publicly on Aug. 1st on the ISECOM website to coincide with that...

Re: Wired captive portal pen-test

Thu, 17 Jul 2008 10:08:29 +0300

Posted by Mario Spinthiras on Jul 17

I am not sure what kind of captive portal it was. I know for sure that
if the administrator limited the dns traffic or performed DPI
(cleverly) they could avoid NSTX bypasses. NSTX relies on dns queries
solely to be able to bypass CP. However by limiting the amount of DNS
queries per IP to a...

Re: Wired captive portal pen-test

Thu, 17 Jul 2008 07:40:36 +0200

Posted by Cedric Blancher on Jul 17

And what about trying to break the web application ? Tons of captive
portals fails at web application level, with very simple tricks such as
altering parameters on the fly...

Re: Auditing a Firewall rulebase

Thu, 17 Jul 2008 10:53:56 +0530

Posted by Meenal Mukadam on Jul 17

Hello Edgar,

Our tool Firesec (http://www.niiconsulting.com/products/Firesec.html) has a
feature specifically to convert Cisco PIX configurations to Netscreen. It
does this for Cisco ACLs and Objects, and using the Zone Names that you
inform us, but we could also tweak it to work with conduit...

ekoparty security trainings (2008) announcement

Thu, 17 Jul 2008 01:28:22 -0300

Posted by ekoparty on Jul 17

ekoparty 4th edition - www.ekoparty.com.ar
Information Security/Insecurity Conference.
October 2 and 3, 2008
Ciudad Autonoma de Buenos Aires - Argentina

What is ekoparty?

It's a one of a kind event in South America; an annual security conference held in Buenos Aires
where security...

RE: Wired captive portal pen-test

Wed, 16 Jul 2008 19:23:44 -0500

Posted by Sergio Castro on Jul 16

What I mean is that if he's not seeing ARP requests, it means there's a
switch-router there, and not a hub.

As to MITM, if the switch-router is FULLY secured, it is correct, you cannot
launch such attack. But if it has a standard, medium security configuration,
such attacks are possible; I do...

Re: Wired captive portal pen-test

Thu, 17 Jul 2008 00:44:06 +0200

Posted by Roman Medina-Heigl Hernandez on Jul 17

JosŽé M. Palazón Romero escribió:
> Anyway, I still think they are probably not filtering at layer 2.

They are (I think). I had a look to some public computer at the hotel and I
saw its IP. It was in the same subnet used by room's port. Nevertheless,
when I launched a MAC scan with Cain...

Re: Wired captive portal pen-test

Thu, 17 Jul 2008 00:32:59 +0200

Posted by Roman Medina-Heigl Hernandez on Jul 17

Mario Spinthiras escribió:

> I managed to successfully beat captive portal with NSTX. As far as

Which kind/"brand" of captive portal? As I previously said, NSTX or similar
can be defeated.

> vlans are concerned , by default catalysts have auto for trunk modes.
> If you...

Re: Wired captive portal pen-test

Wed, 16 Jul 2008 09:28:19 +0100

Posted by Jos M. Palazn Romero on Jul 16

Sergio Castro escribió:
> So yes, if you only see broadcast ARP requests from the router, the switch
> is very likely securely configured.

This is incorrect, Sergio. ARP replies are not broadcast, so it's
perfectly ok that he doesn't see them.

>
> Did you try using Cain? You...

Re: Auditing a Firewall rulebase

Wed, 16 Jul 2008 14:58:44 -0300

Posted by econtreras_at_fibertel.com.ar on Jul 16

hi all..somebody known about a tools o parser for old version of pix software, I need something to see a lots of conduit...or something to translate configuration from pix to netscreen firewall...

thank..

Edgar Carlos Alberto Contreras

----- Mensaje original -----
De: arvind doraiswamy...