Re: An Amateur Pen-Test

From: max (maxat_private)
Date: Fri Jun 22 2001 - 15:04:06 PDT


    Try firewalk (www.packetfactory.net/firewalk/) for firewall and ACL test.
    Also, if you want to delve deeper into the fun of pentesting, try social
    engineering (call them and lie, and try to get passwords to routers, etc),
    and try trashing, if you have access to their premises.
    Also, compromise a machine, and set up a sniffer on it; this way you might
    catch passwords/usernames, and recommend them to use ssl wrapping for most
    services and ssh as remote access software. It is always a good thing to
    compromise a host and show the customer how much damage a person with that
    level of access can do to their site/business; besides setting up a
    sniffer, this would also involve going through all of the data you have
    access to on the compromised host, trying to find sensitive information
    like their customer information, credit card numbers, etc.
    If they use any sort of web scripting, like perl cgi's, it never hurts to
    go through their code (or brute force the cgi) looking for logical errors
    in it which can lead to a compromise (stuff like unchecked input so you
    can do host.com/cgi-bin/script.pl?../../../etc/passwd or something along
    those lines), but this is more of a code audit than a pen test, and
    requires deep knowledge of the language used for cgi's as well as more money
    on the customer's part.
    
     hope this helps,
    
    max
    
    On Thu, 21 Jun 2001, David Fuller wrote:
    
    > My ISP has asked me to do a penetration test for them and I would like to
    > get an overview of what I should do short of running Nessus and banging on
    > their (IDS / Logs) door. I have gone over their network with a few scripts
    > and knowledge I have picked up from the list and Security Focus and I have
    > discovered all their class C address spaces, I have found two servers
    > vulnerable to a Unicode exploit and from there was able to find out about a few
    > hosts sitting behind an ACL / Firewall. Is there anything else I should be
    > doing... like testing their firewall and seeing if I can scan the network
    > behind it.
    > 
    > David.
    
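The "unchecked input" CGI bug max describes, shown from the code-audit side as an added example (not code from the thread or from either poster): a minimal Perl file handler with the vulnerable path construction next to a hardened version that allow-lists the filename and confirms the resolved path stays under the document directory. The `docs` directory, the sample inputs and the parameter name are assumptions.

```perl
#!/usr/bin/perl
# Added example, not from the original thread: an unchecked-input CGI file
# handler beside its hardened form. The "docs" directory and sample inputs
# are assumed for illustration.
use strict;
use warnings;
use File::Spec;

my $DOCROOT = File::Spec->rel2abs('docs');   # assumed directory of public files

# Vulnerable pattern: the query value is pasted straight into the path, so a
# parent-directory sequence escapes $DOCROOT. Kept only for comparison.
sub vulnerable_path {
    my ($name) = @_;
    return "$DOCROOT/$name";
}

# Hardened: accept only a plain filename from an allow-list of characters,
# then check the canonical path still lies inside $DOCROOT.
# Returns undef on any violation so the caller can answer with an error.
sub safe_path {
    my ($name) = @_;
    return undef unless defined $name;
    return undef unless $name =~ /\A[A-Za-z0-9_.-]+\z/;   # no '/', no ';', no NUL
    return undef if $name =~ /\.\./;                        # no parent references
    my $path = File::Spec->canonpath(File::Spec->catfile($DOCROOT, $name));
    return undef unless index($path, "$DOCROOT/") == 0;   # must remain under docroot
    return $path;
}

# Hypothetical usage: in a real CGI the value would come from the request,
# e.g. CGI->new->param('file'); here a few constructed inputs are checked.
for my $input ('readme.txt', '../../../etc/passwd', 'a;ls', '..') {
    my $p = safe_path($input);
    printf "%-22s -> %s\n", $input, defined $p ? $p : 'REJECTED';
}
```

Only `readme.txt` resolves; the other three are rejected before any file is opened, which is the check an audit of such a script looks for.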
    This archive was generated by hypermail 2b30 : Sun Jun 24 2001 - 19:17:07 PDT