Sounds like you are on the right track.

Use the following to identify their mail gateway, which is normally a good place to try to access their internal network, along with their web server (assuming this is not at a hosting farm somewhere):

>dig domain mx in

Then do whois & nslookup on the domain:

>whois domainat_private
>nslookup
>server therednsserver
>set type=any
>ls -d theredomain

Once that is done I would suggest doing reverse DNS lookups on the C classes of the IPs you discovered above. I usually use ghba for this:

>ghba X.X.X.0

Then try a couple of traceroutes to identify where their gateways / firewalls / servers are located. Good things to look out for here are whether their webserver is located in a DMZ or at a hosting facility.

Good luck

Trey Mujakporue <tmujak@lucent.com>
10/02/2001 04:49 PM
Please respond to Trey Mujakporue

To: Pen-Test <pen-testat_private>
cc:
Subject: Blind penetration testing

I'm about to start work on a completely blind penetration test for a client. The only information I have been given is the company name. From this I can get their corporate web site and from there do a DIG for more company info and address ranges, after which I can start my reconnaissance.

Question: can anyone out there offer any tips based on this scenario?

#include <signature.h>
://Trey Atarhe Mujakporue
://tmujakat_private

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/

______________________________________________________________________
Ernst & Young South Africa - http://www.ey.com/southafrica

This archive was generated by hypermail 2b30 : Thu Oct 04 2001 - 10:50:28 PDT