Hi! Or reverse your search. Search for exploits first and then download that apps that you know that are vulnerable. There's a lot of sites with local/remote exploits for various daemons. regards Marcelo Gulin At 31/01/2002 05:44, Javier Fernandez-Sanguino wrote: >You can find information on vulnerable packages from the distribution's >main site. I don't know about others, but Debian, for example, dedicates >security.debian.org for this. Since the advisories are there you can >check out which Debian GNU/Linux packages are vulnerable. > >Of course, you can always use Bugtraq (www.securityfocus.com) for >information on vulnerabilities and see the cross-relationships with >GNU/Linux distributions (either the database or the advisories sent to >the mailing list). >Regards > >Javier Fernandez-Sanguino > > > -----Mensaje original----- > > De: Arturo "Buanzo" Busleiman [mailto:buanzoat_private] > > Enviado el: miercoles, 30 de enero de 2002 18:09 > > Para: pen-testat_private > > Asunto: Laboratory Setup Help (RS) > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > =- To moderator -= > > Moderator, my last post didn't go thru because you told me to > > search the > > archives. I did that, and found a couple of results, but I > > kindly request > > you to let this post pass, as my findings weren't exactly > > what I needed. > > *please* :) > > =- EOM > > > > Hello world's pen-testers! > > > > I was employeed last month by a company who wants to setup a Pen-Test > > laboratory that I will lead. The environment would be an homogeneous > > GNU/Linux network. > > > > What I need is you to recommend versions of the following > > packages/combinations: FTP, Apache/Cgi/MySQL, DNS, sendmail, etc > > > > that are remotely exploitable for gaining shell access (or > > the possibility > > to execute commands on the remote system), AND some local exploits to > > acquire root privileges. > > > > Of course, if you can lead me to specific documentation regarding the > > exploits of those packages versions, I will greatly > > appreciate it and be > > most thankful. > > > > Thank you very much to all of you! > > > > Arturo "Buanzo" Busleiman > > - -=( RareGaZz-Team Member )=- > > GNU/Linux USERS, MP Ediciones > > GNU's es_AR Translation Team Leader > > Moderador de Seguridadat_private > > Turcin Soluciones Informaticas http://www.turcin.com.ar > > http://www.buanzo.com.ar > > PGP/GnuPG Public Key available at horowitz.surfnet.nl > > > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.0.4 (GNU/Linux) > > Comment: For info see http://www.gnupg.org > > > > iD8DBQE8WCjI+kypiSoPpFoRAorxAJ47A3y5H7PMeNDRg154XwHqznvNdwCfcTcA > > 4OvlZoAueBCUXWCCPTEwvTM= > > =1Mku > > -----END PGP SIGNATURE----- > > > > > > -------------------------------------------------------------- > > -------------- > > This list is provided by the SecurityFocus Security > > Intelligence Alert (SIA) > > Service. For more information on SecurityFocus' SIA service which > > automatically alerts you to the latest security > > vulnerabilities please see: > > https://alerts.securityfocus.com/ > > > >---------------------------------------------------------------------------- >This list is provided by the SecurityFocus Security Intelligence Alert (SIA) >Service. For more information on SecurityFocus' SIA service which >automatically alerts you to the latest security vulnerabilities please see: >https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Feb 01 2002 - 15:18:24 PST