Best os to pentest on?

Exannor

Exannor

Well-Known Member
Newcomer
Level 4
Joined
Aug 9, 2018
Messages
95
Trophies
0
Age
24
XP
539
Country
United States
About any other linux distro or even windows can be used, but kali

which you are running right now
Idontknowwhattoputhere said:
I'm on kali linux
Click to expand...

is the best as it has almost every tool you need preloaded with a debian base or you can also use a distro called blackarch which is the same as kali, but has an Arch linux base instead of debian
 
Idontknowwhattoputhere

Idontknowwhattoputhere

bruh
OP
Member
Level 6
Joined
Jan 19, 2019
Messages
757
Trophies
0
XP
933
Country
United Kingdom
Exannor said:
About any other linux distro or even windows can be used, but kali

which you are running right now


is the best as it has almost every tool you need preloaded with a debian base or you can also use a distro called blackarch which is the same as kali, but has an Arch linux base instead of debian
Click to expand...
not what i meant
I meant whats the best os to use the exploits on?
 
Exannor

Exannor

Well-Known Member
Newcomer
Level 4
Joined
Aug 9, 2018
Messages
95
Trophies
0
Age
24
XP
539
Country
United States
Idontknowwhattoputhere said:
I mainly want to test windows
But i cant find a good insecure version
Click to expand...
Don't know what sort of exploit you are wanting to do since there are a good lot, but I don't think there needs to be an 'insecure version' since making a .exe via msfvenom and sending it over to the victim machine would do just as well. If you want to test metasploit, just doing a fresh install of windows 10 off of a USB drive should be fine. Also depending on what results you are going after, you can even pentest against windows 7 rather than 10(Businesses can still be on Windows 7/Windows Server 2008).
 
Idontknowwhattoputhere

Idontknowwhattoputhere

bruh
OP
Member
Level 6
Joined
Jan 19, 2019
Messages
757
Trophies
0
XP
933
Country
United Kingdom
Exannor said:
Don't know what sort of exploit you are wanting to do since there are a good lot, but I don't think there needs to be an 'insecure version' since making a .exe via msfvenom and sending it over to the victim machine would do just as well. If you want to test metasploit, just doing a fresh install of windows 10 off of a USB drive should be fine. Also depending on what results you are going after, you can even pentest against windows 7 rather than 10(Businesses can still be on Windows 7/Windows Server 2008).
Click to expand...
Mainly hoping to test remote pc code exec
Using big exploits like eternal blue
Double pulsar
If im going win7 should i go with a no service pack version?
 
Last edited by Idontknowwhattoputhere,
Exannor

Exannor

Well-Known Member
Newcomer
Level 4
Joined
Aug 9, 2018
Messages
95
Trophies
0
Age
24
XP
539
Country
United States
Idontknowwhattoputhere said:
Mainly hoping to test remote pc code exec
Using big exploits like eternal blue
Double pulsar
Click to expand...
Would suggest anything before March 14, 2017 if you have it as MS issued the update for the SMB protocol then

Or you should be able to uninstall updates from the current version of the ISO that MS has out there to be able to get a base version or older version of windows. Haven't tested it with those versions however I have uninstalled updates before on Win10, 7, and 8, but seeing as the ISOs come out with the 2018 updates already installed then you should be able to just uninstall them.
 
Last edited by Exannor,
  • Like
Reactions: Subtle Demise
Idontknowwhattoputhere

Idontknowwhattoputhere

bruh
OP
Member
Level 6
Joined
Jan 19, 2019
Messages
757
Trophies
0
XP
933
Country
United Kingdom
Exannor said:
Would suggest anything before March 14, 2017 if you have it as MS issued the update for the SMB protocol then

Or you should be able to uninstall updates from the current version of the ISO that MS has out there to be able to get a base version of windows. Haven't tested it with those versions however I have uninstalled updates before on Win10, 7, and 8, but seeing as the ISOs come out with the 2018 updates already installed then you should be able to just uninstall them.
Click to expand...
Thanks
I'm gonna try getting a untouched win7 iso
Last question
I Like testing on xp
But i cant find a 64 bit version of xp that works with the ms08_067 netapi exploit
Is there a version of 64 bit xp that works with dis sploit?
I also use armitage alot of the time
 
Exannor

Exannor

Well-Known Member
Newcomer
Level 4
Joined
Aug 9, 2018
Messages
95
Trophies
0
Age
24
XP
539
Country
United States
Idontknowwhattoputhere said:
Thanks
I'm gonna try getting a untouched win7 iso
Last question
I Like testing on xp
But i cant find a 64 bit version of xp that works with the ms08_067 netapi exploit
Is there a version of 64 bit xp that works with dis sploit?
I also use armitage alot of the time
Click to expand...


I don't know what version MS is pushing out for XP or any other sites that provide it such as the first link when you google '64 bit xp download', but kb958644 is the package that patches the netapi exploit. Uninstall that(Method of uninstalling the package should be similar to Win7, Win8, or Win10)
 
Idontknowwhattoputhere

Idontknowwhattoputhere

bruh
OP
Member
Level 6
Joined
Jan 19, 2019
Messages
757
Trophies
0
XP
933
Country
United Kingdom
Exannor said:
I don't know what version MS is pushing out for XP or any other sites that provide it such as the first link when you google '64 bit xp download', but kb958644 is the package that patches the netapi exploit. Uninstall that(Method of uninstalling the package should be similar to Win7, Win8, or Win10)
Click to expand...
Thanks!
You've been a great help :)
 
  • Like
Reactions: Exannor
FAST6191

FAST6191

Techromancer
Editorial Team
Level 32
Joined
Nov 21, 2005
Messages
36,341
Trophies
3
XP
27,293
Country
United Kingdom
There were super insecure distros and OSes made over the years, sometimes as honeypots, sometimes as test beds for training people on, but I have not kept up recently here (or indeed since flash and java were relevant).
Don't know if people made XP or 7 installs like that but I would not be surprised to see some of the boot XP from CD crowd have some fun there -- my interest in booting windows from disc is for using it to fix machines so I tend not to pay attention, however when I was looking for said recovery stuff once I did take a look to see what goes and they had a lot of interesting stuff. Similarly I don't know if any of the "you hack it, you win it" type contests share their builds or installers these days but that might also be a place to look.
 
Hayato213

Hayato213

..
Member
Level 24
Joined
Dec 26, 2015
Messages
16,235
Trophies
1
Location
Aionios
XP
14,730
Country
United States
Idontknowwhattoputhere said:
I'm on kali linux
Whats the best os to use tools like metasploit on?
Click to expand...

Probably on Windows XP or Windows 7 without any service pack, It was fun for me to learn how to use Backtrack Linux when I was in school. If you gonna do hacking, do it for educational purpose by the way or you will get into a lot of legal problems.
 
General chit-chat
Help Users
  • No one is chatting at the moment.
    Skelletonike @ Skelletonike: link doesn't work +1