Penetration Testing mailing list archives
Re: [PEN-TEST] 2 quick questions
From: "sporty o'one" <sporty () SPORTY ORG>
Date: Fri, 15 Dec 2000 17:27:24 +0000
First is I was curious about routers: If a network has a router (a hardware one, not a computer running Linux or NT). Is there anything to be gained from breaking into the router through one of the remote administration points? Is this thus a fruitless exercise or is there something to show the customer or gain yourself if you are auditing your network's security?
you can certainly DoS the network. simply firewall/disable any given interface, change admin pass. do this on a sunday nite at about 6pm or when modes of transit become impossible to generate more anger.
Second I was curious about social engineering. Is this considered "fair play?" Is it discussed in advance? If you're allowed to do it how far do you take it? Do you take it the point where you do a mass mailing of BO or Sub 7 to show the owners of the network how vulnerable they are to this flaw (because isn't social engineering kind of a flaw even though it is a human one?) Or do you just stop with tricking them into revealing user names and passwords?
I personally think taking a machine that can be quickly redone or a dummy machine, set it up like a normal machine to be infected and show how easily done it is. If the excuse, "But you know how to do these things" comes from co-workers/supervisors, point out that you aren't exactly one of a kind.
Current thread:
- [PEN-TEST] 2 quick questions Leon Rosenstein (Dec 16)
- Re: [PEN-TEST] 2 quick questions Talisker (Dec 16)
- Re: [PEN-TEST] 2 quick questions Bill Pennington (Dec 16)
- Re: [PEN-TEST] 2 quick questions M Schubert (Dec 16)
- Re: [PEN-TEST] 2 quick questions sporty o'one (Dec 16)
- Re: [PEN-TEST] 2 quick questions Joe Shaw (Dec 19)
- <Possible follow-ups>
- Re: [PEN-TEST] 2 quick questions Bock, John (ISS San Francisco) (Dec 18)
- Re: [PEN-TEST] 2 quick questions Jose Nazario (Dec 18)
- Re: [PEN-TEST] 2 quick questions Skinner, Tim L. (Dec 19)