[Gloucs] GnackTrack

Anthony Edward Cooper aecooper at coosoft.plus.com
Thu Sep 23 07:46:22 UTC 2010 

    Interesting, I have a college who is a pen tester and he says that 
if someone turned up with Core Impact and just used that he would not 
hire them again. As you say, no skill and a blunt instrument. When I saw 
CI I thought `P0wn by wizard'!.

    Taking your approach you maintain a keen and up to date knowledge of 
the subject and be able to explore unusual routes to getting that ever 
more elusive shell prompt.

    Many thanks once again. :-)

    Tony.
Matthew Phillips wrote:
> Ah ok Core Impact.
>
> Core Impact has it's uses but unfortunately it is far too automated. 
> Within the hacking community it is frowned upon as it is too automated 
> and far too aggressive.
>
> I've never used it myself but we've had various demos of it that 
> always leave me thinking "where is the skill in that".
>
> It's important that those who do use it also fully understand what and 
> exactly how it is performing various functions. The last thing you 
> want to do is start knocking off services on a live system. You also 
> need to ensure any injected data is logged so you can tell the 
> sysadmins where to clean up afterwards, i'm not entirely sure core 
> impact cares about what data it sends as long as it gets a shell....
>
> Oh yeah, one last, it's damn expensive!
>
> Matt
>
> On 23 September 2010 08:11, Anthony Edward Cooper 
> <aecooper at coosoft.plus.com <mailto:aecooper at coosoft.plus.com>> wrote:
>
>       Many thanks for the most fascinating talk :-). I doubt you get
>     invited to many LAN parties though :-) hehe.
>
>       I remembered what that darn tool was called - Core Impact... Do
>     you use that?
>
>       Many thanks once again,
>
>       Tony.
>     Matthew Phillips wrote:
>
>         Hi guys,
>
>         For those of you interested you'll be able to find GnackTrack
>         here:
>         www.gnacktrack.co.uk <http://www.gnacktrack.co.uk>
>
>         There are also vulnerable platforms you can test against,
>
>         There is a vm version of wackopicko on the GnackTrack website
>         which you can
>         use to practice web application testing.
>
>         You can also download damnvulnerablelinux or metasploitable
>         and use that for
>         network based testing.
>
>         Cheers for all the questions on the night
>
>         Matthew Phillips
>
>         P.s. To find some automated scripts such as wep, wpa, nmap etc
>         they are on
>         my personal website here: www.phillips321.co.uk
>         <http://www.phillips321.co.uk>
>         _______________________________________________
>         gloucs mailing list
>         gloucs at mailman.lug.org.uk <mailto:gloucs at mailman.lug.org.uk>
>         https://mailman.lug.org.uk/mailman/listinfo/gloucs
>          
>
>
>

More information about the gloucs mailing list