If the CTO is requesting it then you are over a major hurdle already, getting management to understand what it means when you can pop a box easily and allowing you to test like this.
I have had luck with taking Nessus scans and trying to exploit weaknesses with Metasploit to prove a point. I have also had success with just filtering Nessus output on "exploitable" vulnerabilities (can do that in filters in the web client). Nessus will show you in the results vulnerabilities that have confirmed exploits in metasploit/canvas/core. I think the key here is presenting your findings in a format that says more than "ha we got shell". Being able to frame up exactly what the impact to the business of that particular system getting compromised is. Does it hold important data? Is it a trusted system with access to other more important systems? The context of what you have compromised is really important. Good luck. Zate On Mon, Jan 17, 2011 at 11:16 PM, Steve <[email protected]> wrote: > I am curious to everyone's opinion on the following ....We have a small > group of servers in our environment that run out of date operating > systems, primarily windows 2000 and redhat 3. We are doing the dance > with business teams, migration is happening but slow. > Our CTO has asked the security team to begin testing exploit code > against these servers - a successful exploit would move that server up > the priority list of getting it migrated off onto a supported operating > system. Our tests only hit non-production servers so production is not > impacted. > > > Does anyone else have a similar process or tried something similar and > was it successful ? > > --Steve > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
