LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   testing my site for exploits (https://www.linuxquestions.org/questions/linux-security-4/testing-my-site-for-exploits-80617/)

juanb 08-10-2003 07:24 AM
testing my site for exploits
 
Hi !!
I want to check my sites security so what I did is I ran nmap and saw some open ports now how can I check what vulnerability and exploits I can run against those open ports and see how my site or computer behaves?

thanks

unSpawn 08-10-2003 09:16 AM
LQ ain't the place to ask for exploits or URI's to exploits. We're not that kind of board.

Besides that, if it's a live site, then I would advice against testing security that way. If runnin Nessus ain't enough, and you think it necessary to run exploits, please set up a box on your private and secured LAN to toy with, or run something like UML to curb risks wrt to unpredictable behaviour. Also, what tools have you loaded/put into place to "see how your site or computer behaves"? Are you sure you'll be capturing all changes made with those? And how are those possibly vulnerable daemons configured? Running as root? Chrooted?

If you want to check if a particular version of an application is vulnerable, consult the docs (like syslog-ng mentions a few angles of attack for instance), your vendors security reports and/or ask on their mailinglists/boards/NG's, look in the CVE database, or any respectable security site.

If you're willing to post a list in the form of name+version+release I'm sure we could help find out if these are vulnerable.

juanb 08-10-2003 12:10 PM
can u please explain to me some words that u used ? what is:

uml ,curb,chrooted cve databases.

so where can I find exploits?

I just want to test the real thing...
I will copy and beckup my site before.

thanks

markus1982 08-10-2003 12:41 PM
You should rather look for information on howto SECURE your machine than exploiting it. Exploiting is lame ...

smeyer 08-10-2003 06:02 PM
You want exploits go to http://packetstormsecurity.com .

unSpawn 08-10-2003 06:21 PM
can u please explain to me some words that u used ?
uml,curb,chrooted cve.

so where can I find exploits?
LQ is not the place to ask for exploits or URI's to exploits. We're not that kind of board.
(This also means members shouldn't post URI's here.)

h1tman 08-24-2003 08:16 PM
Quote:
Originally posted by markus1982
You should rather look for information on howto SECURE your machine than exploiting it. Exploiting is lame ...
cant secure it if your not testing it against exploits.:rolleyes:

trickykid 08-24-2003 08:41 PM
Quote:
Originally posted by h1tman
cant secure it if your not testing it against exploits.:rolleyes:
Apparently your not understanding what unSpawn and markus1982 are trying to make aware here on this thread and question.

Do not encourage exploiting on this site please, like we mentioned before, we don't do that here. There are better and more helpful ways to educate others on securing their Linux machines other than exploiting.

Regards.

FikseGTS 09-01-2003 07:22 AM
Juanb, try www.networkscanning.com or similar service if you don't have time to setup a scanner and test everything yourself.....


All times are GMT -5. The time now is 09:47 PM.