Penetration Testing mailing list archives
Re: [PEN-TEST] First step of a pen-test
From: "Tonick, Mike" <Mike.Tonick () PS NET>
Date: Thu, 21 Sep 2000 17:00:45 -0500
I may be even more rusty than you... but, wouldn't the following be right?

    sed 's/ /\\n/g'

-----Original Message-----
From: Dawes, Rogan [mailto:rdawes () DELOITTE CO ZA]
Sent: Thursday, September 21, 2000 2:00 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: First step of a pen-test

Try something like wget, e.g.

    $ wget -r -l 5 http://www.example.com

(specify html files only, no images, an appropriate level of recursion, etc.)

    $ find www.example.com/ -name \*.htm\* -type f -print | xargs cat | "translate spaces to \n" | sort | uniq > wordlist

(My sed is rusty, but I guess "translate spaces to \n" could be something like sed 's/ /\n/g' )

You will end up with a bunch of HTML tags, and URLs as well, but those you can filter if you want to.

Rogan

-----Original Message-----
From: Loschiavo, Dave [mailto:DLoschiavo () FRCC CC CA US]
Sent: Wednesday, September 20, 2000 8:27 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] First step of a pen-test

With checking out the website being a first step... Does anyone know if there is a tool that will comb through a website to pull nouns down into a dictionary file that you use for a customized dictionary attack specific to that company?

-----Original Message-----
From: Erik Tayler
To: PEN-TEST () SECURITYFOCUS COM
Sent: 9/19/00 9:25 AM
Subject: Re: [PEN-TEST] First step of a pen-test

In my experience, the first step of a pen-test is the recon & enumeration. Personally, I research the company, find out as much information as I can from their webpages, or from google (employees, recent acquisitions and the like). For example, if Company ABC recently acquired Company DEF, they might have improperly assimilated Company DEF's network architecture into their own, which might be a gateway of sorts into penetrating Company ABC's systems. Gathering names of employees and important persons from the web would be a good start for the social engineering aspect of things.

After that I would typically map the network according to operating system, listening services, et cetera. If routers/firewalls block the presence, planning of some source routing attacks would happen. One of the last steps [for me] is banner grabbing, checking versions of listening services and such, and finally exploiting known [and sometimes unknown] holes. This process varies from person to person, whatever makes you comfortable.

Erik Tayler
http://www.14x.net
http://www.digitaloffense.net

"Christopher M. Bergeron" wrote:
What is the industry norm for _beginning_ a pen-test after the contract has been made? Would one first map the network? Try to war-dial the exchange for possible remote (pcanywhere, etc.) access machines? VRFY email addresses to look for user logins?

Is it typical to ask for information about the network (i.e. network architecture) beforehand or do most pen-tests start "blindly" and do the network reconnaissance? Thanks to anyone who addresses even one of my many questions.
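One way to carry the wget/find/sed procedure from this thread through to a usable wordlist, as an added example that is not code posted by anyone in the thread: it reads an already-mirrored site (the kind of directory `wget -r` leaves behind), strips the HTML tags, entities and URLs that Rogan notes his one-liner keeps, splits on anything that is not a letter or digit, and emits each surviving word in its original case plus a lower-cased copy, since company and product names on a site are usually capitalised but are typed in lower case as passwords. The function name `build_wordlist`, the minimum-length cut-off and the sample pages are assumptions made for this example; the two HTML files are constructed here so the script runs offline.

```shell
#!/bin/sh
# Added example, not code from the thread. Turns a wget mirror into a
# site-specific wordlist, filtering out the tags and URLs a bare
# "translate spaces to \n | sort | uniq" pipeline would keep.
set -eu

# build_wordlist MIRROR_DIR OUTFILE [MINLEN]   (hypothetical helper name)
# Reads every .htm/.html file under MIRROR_DIR, writes one candidate word
# per line to OUTFILE (original case plus a lower-cased copy, deduplicated)
# and prints the number of entries written.
build_wordlist() {
    dir=$1
    out=$2
    minlen=${3:-4}      # assumed cut-off: shorter tokens are rarely passwords
    # Note: sed works line by line, so a tag that spans a line break is not
    # stripped; squeeze the input onto one line first if a site does that.
    find "$dir" -type f \( -name '*.htm' -o -name '*.html' \) -exec cat {} + \
      | sed -e 's/<[^>]*>/ /g' \
            -e 's/&[A-Za-z#0-9]*;/ /g' \
            -e 's|https*://[^ ]*| |g' \
      | tr -cs 'A-Za-z0-9' '\n' \
      | awk -v n="$minlen" 'length($0) >= n { print; print tolower($0) }' \
      | sort -u > "$out"
    wc -l < "$out" | tr -d ' '
}

# Constructed sample mirror, standing in for the output of
#   wget -r -l 5 -A htm,html http://www.example.com
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/www.example.com"
cat > "$demo_dir/www.example.com/index.html" <<'EOF'
<html><head><title>Acme Widgets</title></head>
<body><h1>Welcome to Acme Widgets</h1>
<p>Contact <a href="mailto:jsmith@example.com">John Smith</a> or visit
<a href="http://www.example.com/about.html">our about page</a>.</p>
<p>Our flagship product, the <b>WidgetMaster 3000</b>, ships in 2000.</p>
<p>Openings: see http://www.example.com/jobs for details.</p>
</body></html>
EOF
cat > "$demo_dir/www.example.com/about.htm" <<'EOF'
<html><body><p>Acme Widgets was founded in Springfield by Jane Doe.</p>
<p>&copy; 2000 Acme Widgets Inc.</p></body></html>
EOF

count=$(build_wordlist "$demo_dir" "$demo_dir/wordlist")
echo "$count candidate words written to $demo_dir/wordlist"
```

The `-A htm,html` in the comment is wget's accept list and is one way to do the "html files only, no images" restriction Rogan mentions; only mirror a site you are contracted to test, since a recursive fetch is noisy in the target's web logs. The result is a seed list, not a finished one: the usual next step is to feed it to a rule-based cracker so that "Acme" also yields "Acme2000", "acme!" and so on.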