.

Pentesting Kit

<<

eth3real

User avatar

Sr. Member
Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Mon Mar 17, 2008 11:49 pm

Pentesting Kit

What do you guys keep in your pentesting/hacking kits? Mine isn't very much, and I want to add a few things to it.

This is what I keep in my kit:

Asus EeePC
USB DVD burner
USB HDD (120GB)
USB Flash drive (4GB)
BackTrack
Helix
Knoppix-STD
nUbuntu
The BBC LNX disc that came with the C|EH certificate ;D
A paperclip (for opening CD-ROM trays)
Screwdrivers
Lock picks (for computer cases with locks)
Flashlight
A notebook (you know, that analog thing that you can write in ;))

Some of this stuff gets used more since I'm the network admin at work, but it's still part of my kit.

I'm looking forward to some good responses. ;)
Put that in your pipe and grep it!
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Tue Mar 18, 2008 3:52 am

Re: Pentesting Kit

eth3real,

pretty similar to my kit, only additions I have are:
  • Selection of tested Cat5 cables of varying lengths (Straight, cross- and roll-over)
  • Cable tester
  • RJ45 ends & crimping set
  • Plane ticket to Brazil for when the .... REALLY hits the fan ;)

I haven't passed the C|EH yet, is the BBC LNX any more useful than other pentest/audit distros?
<<

iSmith

User avatar

Full Member
Full Member

Posts: 157

Joined: Sun Jan 20, 2008 12:01 pm

Post Tue Mar 18, 2008 6:07 am

Re: Pentesting Kit

i take it that since you have so much equipment, you are a pro pen tester, eth3real. ;)
In my eyes, your operating system is as solid as swiss cheese.
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Tue Mar 18, 2008 6:33 am

Re: Pentesting Kit

iSmith wrote:i take it that since you have so much equipment, you are a pro pen tester, eth3real. ;)


From experience a pentest kit will be relatively similar to an emergency jump bag of anyone who deals with critical systems/networks. Only difference is the general level of calmness during kit's use ;)

My equipment hasn't really changed during the migration from administration to auditing.
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Tue Mar 18, 2008 8:19 am

Re: Pentesting Kit

RoleReversal wrote:I haven't passed the C|EH yet, is the BBC LNX any more useful than other pentest/audit distros?


I think if you search for it, you can find somewhere on the web to download it. I don't think it's maintained any longer (and hasn't been for a while if I remember). I couldn't even get the copy that came with my CEH to boot up.
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Tue Mar 18, 2008 8:24 am

Re: Pentesting Kit

BillV wrote:I think if you search for it, you can find somewhere on the web to download it. I don't think it's maintained any longer (and hasn't been for a while if I remember). I couldn't even get the copy that came with my CEH to boot up.


Cheers BillV,

guess that might answer my question without finding the download
<<

pseud0

User avatar

Recruiters
Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Tue Mar 18, 2008 8:27 am

Re: Pentesting Kit

Just my 2 cents:
I don't really keep a mobility bag for pen testing other than my preloaded usb hard drive (dual boot win xp and BT3), the normal collection of live CD's, and the usb wireless adapter I use for wireless hacking.  The rationale for this is that the majority of our pen testing occurs from a lab which is already setup for our use.  I use the this stuff when we've been asked to do a pen test from within the client site.  Most of the items you guys have mentioned (cables, screwdrivers, etc) I have in my forensics toolkit from when I used to regularly serve search warrants.  It hasn't gotten much use in the last couple of years, but the things I've noticed that you're missing from that list are:
-a variety of power supply connectors and cords, these always seem to come up missing when you need them
-cables for connection to SATA/ATA/IDE/SCSI hard drives, again, always seem to come up missing when you need them
-external and internal floppy drive, you'd be surprised how often you'll need these on older systems and you can't always count on usb support
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
<<

eth3real

User avatar

Sr. Member
Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Tue Mar 18, 2008 8:36 am

Re: Pentesting Kit

RoleReversal wrote:I haven't passed the C|EH yet, is the BBC LNX any more useful than other pentest/audit distros?

Nope. It is relatively useless, unless there is something great on there that I have yet to find. I keep it in there for fun. ;D

iSmith wrote:i take it that since you have so much equipment, you are a pro pen tester, eth3real. ;)

I am really not a very good pentester, it's just part of my everyday tools as the network admin at the office. You wouldn't believe how many times a hard drive fails on a server in another department, and they can't find the freaking key. ;)

RoleReversal wrote:From experience a pentest kit will be relatively similar to an emergency jump bag of anyone who deals with critical systems/networks. Only difference is the general level of calmness during kit's use ;)

Exactly. :)

pseud0 wrote:Just my 2 cents:
I don't really keep a mobility bag for pen testing other than my preloaded usb hard drive (dual boot win xp and BT3), the normal collection of live CD's, and the usb wireless adapter I use for wireless hacking.

It's really just my laptop bag that I threw a few tools into. One of these days, when I am doing real pentesting, I will actually have a kit, separate from my laptop bag.

I actually do have a few things that I'm going to add to it:
Ethernet cable (I have oodles of it in the office)
USB IDE/MiniIDE/SATA adapter, with 5/12v power supply for Molex and SATA connectors.
Last edited by eth3real on Tue Mar 18, 2008 8:47 am, edited 1 time in total.
Put that in your pipe and grep it!
<<

Bogwitch

Jr. Member
Jr. Member

Posts: 51

Joined: Wed Aug 16, 2006 3:29 am

Post Tue Mar 18, 2008 9:33 am

Re: Pentesting Kit

My Kit:
Dell D840 with 3x HDD caddies, 1xWin2K, 2x Linux HDDs. Laptop modded slightly to allow an external Wifi aerial.
2 x USB to IDE/ Mini IDE/ SATA connectors.
2 x 500GB 3 1/2 IDEs
1 Omni and 1 Cantenna directional aerial
1 PCMCIA SCSI card with adpaters from 50 way SCSI to SCA 80 way
1 3C589 NIC
2 x 10MB Fibre-CAT5 media converters
2 x 100MB Fibre-CAT5 media converters
2 x 1GB Fibre-CAT5 media converters
8 port Dell 2708 Power connect configured to repeat traffic on ports 1-4 onto port 8
various CAT5 cable
various Fibre optic cable
2 x BNC T-Pieces and some coax.
Mini USB mouse
Lock picks
Hacksaw
Jewellers screwdrivers
2 x No. 1 crosshead (posidrive) screwdriver.
Gerber knife
Wire strippers
Various USB connection leads
USB dvd burner
CD case with Installs and live CDs and a smattering of small capacity 2 1/2 HDDs, just in case.
Notebook
Mobile Phone and charger
Analogue 'butt' phone.
Various power leads, 4 way power strip.
RF video camera. RF audio transmitter. RF video receiver. RF audio receiver.
RS232 cable and breakout box.
Crocodile clips.

This all fits in my laptop bag except the directional Wifi aerial. The bag is VERY heavy when full. :)
CISSP, C|EH, C|HFI
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Tue Mar 18, 2008 9:37 am

Re: Pentesting Kit

Bogwitch,

don't fancy having to transfer your laptop bag around, but I've got to ask...
Bogwitch wrote:Hacksaw

???
<<

pseud0

User avatar

Recruiters
Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Tue Mar 18, 2008 10:00 am

Re: Pentesting Kit

The hacksaw is for when he's on the road.  You know the story: you're in a hotel for a week while you're doing the pen test, you meet someone in the hotel bar, bring them back to the room, it goes badly, and the next morning you need to get handcuffs off your wrists and ankles.  We've all been there.  As for the aerial antenna, the big one we keep in our office is so big that we carry it around in a golf case. It was already here when I got hired, and I'm still trying to figure out how they put the business case together to convince management to pay for it.  I've seen it used all of once.
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Tue Mar 18, 2008 10:04 am

Re: Pentesting Kit

pseud0 wrote:The hacksaw is for when he's on the road.  You know the story: you're in a hotel for a week while you're doing the pen test, you meet someone in the hotel bar, bring them back to the room, it goes badly, and the next morning you need to get handcuffs off your wrists and ankles.  We've all been there.


That answers my question, guess I'm just too young and inexperienced to have come across that particular issue yet ;)
<<

Bogwitch

Jr. Member
Jr. Member

Posts: 51

Joined: Wed Aug 16, 2006 3:29 am

Post Tue Mar 18, 2008 10:05 am

Re: Pentesting Kit

RoleReversal wrote:Bogwitch,

don't fancy having to transfer your laptop bag around, but I've got to ask...
Bogwitch wrote:Hacksaw

???


It came just after the lockpicks.....

But I like the handcuffs idea!
CISSP, C|EH, C|HFI
<<

eth3real

User avatar

Sr. Member
Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Tue Mar 18, 2008 10:09 am

Re: Pentesting Kit

That is quite a kit.
A lot of that stuff I have in a toolbox in my trunk, but I don't really consider it part of my kit... Though, I definitely don't have a hacksaw in there.

I like the idea of a directional antenna, that is something I should think about getting.
Put that in your pipe and grep it!
<<

eth3real

User avatar

Sr. Member
Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Tue Mar 18, 2008 4:05 pm

Re: Pentesting Kit

I think a tone generator and probe would also be a nice addition to this kit. We have one in the office, but it looks like my boss took it home for the week.

Some of this stuff, you really have to ask yourself "Okay, should this really go in my laptop bag, or should this stay in a toolbox in the trunk?"

Thanks for the great responses!
Put that in your pipe and grep it!
Next

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software