Mailing List Archive

From Vulnerabilities to Exploitation
Hi everyone,

Sometimes at work I have to prove that a risk is actually vulnerable (don't ask me why I don't have proper training if it's for work, because of the massive budget cut...). So, I have been searching on the internet, and the result has not been so great, plus I'm not sure if I should try everything that pops up. My question is, could someone point me to a correct and safe direction to learn exploitation? Thanks.

YanYan
Re: From Vulnerabilities to Exploitation
On Sep 2, 2008, at 12:34 PM, Yanyan Wang wrote:

> Sometimes at work I have to prove that a risk is actually
> vulnerable (don't ask me why I don't have proper training if it's
> for work, because of the massive budget cut...). So, I have been
> searching on the internet, and the result has not been so great, plus
> I'm not sure if I should try everything that pops up. My question is,
> could someone point me to a correct and safe direction to learn
> exploitation? Thanks.


I think the process depends in large part on the particular
vulnerabilities you're trying to exploit. If they're issues that
Nessus itself is flagging, you could look into the plugins themselves
to see if they exploit the issue (as opposed to checking a version or
looking for a side-effect of the fix) or include a link to an advisory
that offers exploitation details. Or if an associated vulnerability
database id such as OSVDB or CVE offers any specifics.

In addition, Milw0rm (www.milw0rm.com) is a great source for exploits,
especially those affecting web applications, ActiveX controls, and
things like that. Metasploit (www.metasploit.com) is another.

George
--
theall@tenablesecurity.com



_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus