penetration test

Hey, i am doing a penetration test at the moment but i am wondering if i am still missing something. I always use nmap, test the pc's in my subnet which open ports there are then i use metasploit to exploit the remote pc's based on unupdated services.

Against webservers i like to use nikto as my assistant.

And the point of this thread is…?

GreyFox wrote: And the point of this thread is…? jelmer wrote: i am wondering if i am still missing something.

http://www.slideshare.net/amiable_indian/tactical-exploitation-hdm-valsmith http://blog.attackresearch.com/publications/hdmoore_valsmith_tactical_paper.pdf (essentially the same thing, just in pdf form and more of a whitepaper type of format)

Those should be interesting to you.

ynori7 wrote: [quote]GreyFox wrote: And the point of this thread is…? jelmer wrote: i am wondering if i am still missing something.[/quote]

moshbat wrote: I really do hate it when people quote two people without providing a comment themselves… I really hate it when people quote other people to post an off-topic post. CPs coming your way, hacker2k, for providing helpful, relevant information. :)