Pentesters???

[Darryl Licht]

Hey any of you into Pentesting? Wired, wireless, password recovery, strictly white hat stuff. If so, what are your stories, experiences, favorite tools, etc???

 

[brady]

are you getting into the field? or just curious to see what tools people use to detect/exploit?

 

[vierasniper]

exploiter!

 

[Thorsen]

I don't have any of the tools now, but when I was in college I was able to scan IPs for open ports by the thousands and access computer terminals and upload/download, manipulate files, view screens and capture keys...

Messed around on a few friends computers with their permission. Never did anything malicious, but was into how to gain entry. I had probably about 10 diff. programs to allow access and prevent entry into my own computer. I Also knew how to get into a computer around the passwords and stuff like that.

I haven't messed with any of that though in at least 10 years. But it was fun

 

[brady]

Pen testing isn't that much fun - too many 'rules' that must be followed when pen testing

CEH - is a fun cert to get, learn quite a lot without being pinned down by rules and regulations.

 

[askWinters]

A few good tools:
Foundstone - A division of McAfee
Nmap - Free Security Scanner For Network Exploration & Security Audits.
Tenable Network Security

 

[Darryl Licht]

I've been learning and "playing" more and more with Linux based tools such as BackTrack which includes all the commonly used tools in one bootable Live CD. BTW, most of the best tools are Linux based... so in my opinion if I want to protect, I must know my enemy!

I was utterly amazed at the speed and ease of cracking into a WEP based wireless network... I have understood for years not to use WEP encryption, but I had no idea how easy it was to crack! A 13 year old with a laptop could be on your network now; using your bandwidth, or going into your shared folders. I setup a dummy router for this of course. It was cracked and I was using its Internet and changing router configuration within minutes!

I also tried cracking my own WPA encrypted wireless... Which I thought to be more secure. As I found out... it wasnt!

I do not use a word for my password, ever! I use a mix of typically upper and lowercase with numerals, some passwords I add special symbols to as weel for more security! My first attempt failed... a quick check of the huge word list I used contained a dictionary and a list of commonly used passwords and my pw of course wasnt in it. On my second try, after editing the word list and randomly adding my pw into it; I then cracked my WPA encryption in under 20 minutes!

I now run a WPA2 encrypted wireless network!

I have used older tools like BackOrifice (in the day), BackTrack, Ophcrack (and similar tools for getting Windows passwords), and others. I find them invaluable tools in my consulting business. I use them for those situations when I am repairing a system and the user forgot to give me a password, or isnt available, or has lost/forgotten/changed it.

 

[mckillwashere]

In the efforts of helping someone learn about security,
nMap,
Ophcrack,
Backtrack,
netscan,

then there is another side the human aspect.

 

[askWinters]

The Fedora Project now has a spin: About Spin: Security