Penetration Testing mailing list archives
Re: [PEN-TEST] First step of a pen-test
From: "Teicher, Mark" <mark.teicher () NETWORKICE COM>
Date: Tue, 19 Sep 2000 09:29:14 -0700
OK. Let's start over again. If you are given the the network domain name, one can start putting together an initial network footprint. ARIN database http://www.arin.net/whois/ Securities and Exchange Commission(SEC) http://www.sec.gov/ WHOIS database http://www.networksolutions.com PhoneSweep by Sandstorm http://www.sandstorm.net THC http://www.infowar.co.uk/thc/ ToneLoc http://www.hackersclub.com/km/files/pfiles/Tl110.zip Network Mapper (Nmap) http://www.insecure.org/nmap CyberCop Scanner 5.5 by NAI http://www.nai.com Internet Scanner by ISS http:/www.iss.net WebTrends Security Analyzerby WebTrends http://www.webtrends.com ESM www.axent.com At 02:38 PM 9/18/00 -0400, Christopher M. Bergeron wrote:
What is the industry norm for _beginning_ a pen-test after the contract has been made? Would one first map the network? Try to war-dial the exchange for possible remote (pcanywhere, etc). access machines? VRFY email addresses to look for user logins? Is it typical to ask for information about the network (ie. network architecture) beforehand or do most pen-tests start "blindly" and do the network reconnaissance. Thanks to anyone who addresses even one of my many questions.
Current thread:
- [PEN-TEST] First step of a pen-test Christopher M. Bergeron (Sep 19)
- Re: [PEN-TEST] First step of a pen-test Tom Litney (Sep 19)
- Re: [PEN-TEST] First step of a pen-test Teicher, Mark (Sep 19)
- [PEN-TEST] LDAP-nullbase krisk (Sep 20)
- Re: [PEN-TEST] LDAP-nullbase Brian Conte (Sep 20)
- Re: [PEN-TEST] LDAP-nullbase spi (Sep 20)
- [PEN-TEST] LDAP-nullbase krisk (Sep 20)
- Re: [PEN-TEST] First step of a pen-test Erik Tayler (Sep 20)
- Re: [PEN-TEST] First step of a pen-test van der Kooij, Hugo (Sep 20)
- Re: [PEN-TEST] First step of a pen-test Wandering One (Sep 20)
- <Possible follow-ups>
- Re: [PEN-TEST] First step of a pen-test Dunker, Noah (Sep 19)
- Re: [PEN-TEST] First step of a pen-test Tonick, Mike (Sep 19)
- Re: [PEN-TEST] First step of a pen-test Jason Stout (Sep 20)
- Re: [PEN-TEST] First step of a pen-test Teicher, Mark (Sep 20)
(Thread continues...)