Penetration Testing mailing list archives
Re: [PEN-TEST] Hypothetical Wargaming
From: Etaoin Shrdlu <shrdlu () deaddrop org>
Date: Wed, 11 Oct 2000 07:33:36 -0700
H Carvey wrote:
> Assume you're given a pen test. All you have is a domain name. A couple of quick checks tell you that the systems in question are Win32 machines. Your goal is to "tag" a file. No DoS allowed.
I always assume that a DoS is cheating. Besides, any machine/network can be dossed -- proves nothing about the security of the site.
> IIS, Exchange, and MS DNS are being used.
Assuming a little lead time, I start looking for the domain name out in the live world. Search engines are a wonderful thing, and people who are happy to make posts describing their brand new machine, and its setup, certainly make it easier to find a way in. I also consider the geographical area.
> What steps do you take? At each step, what do you hope to gain, and what programs/scripts/techniques do you use (give program name, and command line switches/GUI options)?
First and foremost, what geographical region is it in? If it's the central US, I know that those folk have fewer attempts to deal with, and are less likely to have stayed up with the latest patches. This makes the MS databases on service packs and hot fixes an excellent resource. Geographical areas are also a help if you are trying random passwords, or constructing new dictionaries (assuming that you've acquired a nice SAM to play with). If it's the coasts in the US, or any of the more serious countries (such as Israel or Germany), I expect to find other things not mentioned in the list above, since the bar for security is set a little higher (da skript kids have more skilz). I would probably not use a tool like firewalk against something so fragile as the setup above, since many NT based solutions seem to think that even the gentlest firewalk is a DoS. I would certainly use nmap and a stealth scan against the IP space, since it might turn up something that would point out the easiest targets.
> At each step, assume both NT and Win2K.
While we are thinking on this subject, I wonder how many folk here use the more intrusive tools, or have written tools of their own that are more aggressive than, say, nmap or ISS?

.shrdlu

--
Real programmers disdain structured programming. Structured programming is for compulsive neurotics who were prematurely toilet-trained. They wear neckties and carefully line up pencils on otherwise clear desks.