For research purposes I’ve recently modified Debian sources for the Linux Apache2 PHP5 stack and now I’d like to do some security penetration testing.
In particoular I modified the PHP5 core overriding system libc6 calls, the SuEXEC Apache wrapper and clamdscan daemon.
I’m trying some exploits, such as C99 madShell, ircBots, Mempodipper etc. But I think that are tools just for newbies (in fact I’m not really a security expert).
Can someone suggest me on how to do effective and evil pentests?
Probably more of a question for https://security.stackexchange.com/ and they’ve loads comments/answers on pen testing.
To be honest, the answer to your question could go on forever but here are a few documents and links on effective pen-testing.
Presuming you want to do legitimate pentests and have permission to do the pentest (very important to get written sign-off, I can’t emphasis that enough) then check out these documents from SANS –
http://www.sans.org/reading_room/analysts_program/PenetrationTesting_June06.pdf
http://www.sans.org/reading_room/whitepapers/auditing/conducting-penetration-test-organization_67
A lot of pen testers have a bad name because many of them simply run Nessus and give a canned report (don’t do that) so a bunch of top folk in the industry are trying to create a pen-testing standard so check this out – http://www.pentest-standard.org/index.php/Main_Page.
If you want to learn how to write exploits and start messing with shellcode then check out the http://www.exploit-db.com/ site and maybe join the Metasploit mailing lists or IRC channels.