Ethical Hacker Community Forums
November 22, 2008, 05:59:18 AM *
  Show Posts
376  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Pentesting Kit on: March 18, 2008, 08:24:22 AM
I think if you search for it, you can find somewhere on the web to download it. I don't think it's maintained any longer (and hasn't been for a while if I remember). I couldn't even get the copy that came with my CEH to boot up.

Cheers BillV,

guess that might answer my question without finding the download
377  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Pentesting Kit on: March 18, 2008, 06:33:14 AM
I take it that since you have so much equipment, you are a pro pen tester, eth3real. Wink

From experience a pentest kit will be relatively similar to an emergency jump bag of anyone who deals with critical systems/networks. Only difference is the general level of calmness during kit's use Wink

My equipment hasn't really changed during the migration from administration to auditing.
378  Features / Opinions / Re: another nice game on: March 18, 2008, 06:28:04 AM
By the way, did I mention that this picture was taken 3 years ago?

I don't have time to spend on games like I used to before. Sad

now you're just showing off...... Wink
379  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Social Engineering on: March 18, 2008, 05:49:55 AM
Dean,

I agree with you that social engineering is a valid attack vector (and often the most effective).

However, I think the initial comments (at the very least my own, but I thought others felt the same way) were that SE was something that wasn't enjoyed. For myself this is largely a confidence issue, I'm not a 'people person' therefore trying to convince someone I'm something I'm not is something I don't relish.

I do enjoy the non-interactive, technical social engineering techniques however and have used dummy sites and spear-phishing as an alternative. Following this thread I'm looking forward to testing what happens when I 'lose' a USB stick, thanks for the advice you gave njemjy regarding msfpayload as this should come in useful in this regard.

From those that are skilled at/enjoy social engineering, do you have any advice on how to best introduce yourself into a client's environment? I can't imagine anyone believing my cover stories, would you trust a nervous sweating bloke with your server room? Wink
380  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Pentesting Kit on: March 18, 2008, 03:52:57 AM
eth3real,

pretty similar to my kit, only additions I have are:
  • Selection of tested Cat5 cables of varying lengths (Straight, cross- and roll-over)
  • Cable tester
  • RJ45 ends & crimping set
  • Plane ticket to Brazil for when the .... REALLY hits the fan Wink

I haven't passed the C|EH yet, is the BBC LNX any more useful than other pentest/audit distros?
381  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: hacking adware. on: March 17, 2008, 03:37:22 AM
A bit convoluted,

but quite evil Wink
382  Resources / Links to cool sites. / Re: VTC Learning Library Free One month subscription on: March 17, 2008, 03:34:30 AM
Cheers Manu,

guess I've got a lot of late nights ahead of me...
383  Features / Opinions / Re: another nice game on: March 17, 2008, 03:27:30 AM
will people please stop mentioning Uplink?

I've got work to do god damn it! Grin

(And judging from _Marshel_'s screendump some catching up to do)
384  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Social Engineering on: March 17, 2008, 03:22:09 AM
I am not good at being a “con” guy. 

I'll second that, if I was that good at lying to people I would have gone into management Wink
385  Columns / Wilson / Re: [Article]-Video: Man-in-the-Middle Attack on MySpace with Cain on: March 15, 2008, 09:27:05 AM

w00t!

How's the site holding up under the legendary /. effect, Don?
386  Columns / Gates / Re: Hacking Exposed Web 2.0 Book Review on: March 15, 2008, 09:25:10 AM
ChrisG,

I've actually just got back from a shopping trip where I saw this for the first time and considered a purchase. From reading your review I think you've just saved me from making a mistake, not much point in owning a book detailing a tool that I'll possibly never use.

I'll try to keep an eye out for it in the future bargain bins for the analysis of the samy worm though.

Thanks for the review.
387  Ethical Hacking Discussions and Related Certifications / Certification / Re: Just signed up on: March 15, 2008, 09:18:48 AM
ChrisG,

don't know about anyone else, but I just got the sense that I still have a loonnngggg way to go here. Still, it's always good to have something bring you back to earth to help refocus, thanks.
388  Columns / Wilson / Re: [Article]-Video: Man-in-the-Middle Attack with Cain on: March 14, 2008, 11:48:28 AM
Brian,

nice video, I've had Cain&Abel on my 'Must look at' list for a while. Think you've just jumped it to the top of the queue.

Thanks
389  Resources / Tools / Re: Nipper - Network configuration audit tool on: March 14, 2008, 11:07:24 AM
Sorry for replying to my own post, I managed to do a quick comparison sooner than expected. (Don't you love quiet Fridays? Grin ).

I've just run the CIS Router Audit Tool (RAT) using the same configuration I initially used with Nipper. Mostly both tools came back with the same set of potential weaknesses. So unless they both missed the same issue the coverage appears to be similar with each tool.

The report created by RAT is shorter and more concise than Nipper's although part of that is achieved by hiding some information on hyperlinked pages. (Config file you're testing needs to be in the same directory as the rat binary or the links won't work).

As well as listing weaknesses RAT assigns each issue a priority and determines a % score based on which tests you pass or fail. I'm not sure I like having metrics like this as anything that isn't 100% secure is vulnerable to something, and despite what the value says nothing is 100% secure.

As I touched on the SNMP aspects of the report with Nipper I'll do the same for RAT. As with Nipper, RAT complained that I didn't have snmp disabled, and failed me on 4 tests because I had multiple lines with the string 'snmp-server' (snmp-server community foo; snmp-server location bar etc.).

A feature that RAT implements that isn't fully available with Nipper is that it generates a Cisco command file to run against the device that will 'fix' every security issue with the device. Whilst I'm sure this could be a time saver in many scenarios, if I had blindly run this file against my device I would have lost a lot of functionality that I actually need. Again using SNMP for an example, it is utilised for statistic gathering and most importantly monitoring the state of the device.

As I said with my review of Nipper, don't just follow the advice and fixes without understanding the impact they will have on your network, unless you fancy a world of hurt Wink

Overall, I quite like both tools and each has advantages over the other. Mostly it will come down to personal preference, which tool you know better and can better interpret the findings. Personally, I think I'll hang on to both for some cross checking.
390  Resources / Tools / Re: Nipper - Network configuration audit tool on: March 14, 2008, 10:18:14 AM
I would be curious to run both tools on the same config and compare the results.

Agreed, assuming nothing comes up in the meantime I intend to try CIS RAT at the weekend. I'll run through with the same config for each tool and try to get a comparison.

I'll update my findings as I get more