Penetration Testing mailing list archives
Re: An Amateur Pen-Test
From: max <max () neuropunks org>
Date: Fri, 22 Jun 2001 18:04:06 -0400 (EDT)
Try firewalk (www.packetfactory.net/firewalk/) for firewall and ACL test. Also, if you want to delve deeper into the fun of pentesting, try social engineering (call them and lie, and try to get passwords to routers, etc), and try trashing, if you have access to their premises.

Also, compromise a machine, and set up a sniffer on it; this way you might catch passwords/usernames, and recommend them to use ssl wrapping for most services and ssh as remote access software. It is always a good thing to compromise a host and show the customer how much damage a person with that level of access can do to their site/business; besides setting up a sniffer, this would also involve going through all of the data you have access to on the compromised host, trying to find sensitive information like their customer information, credit card numbers, etc.

If they use any sort of web scripting, like perl cgi's, it never hurts to go through their code (or brute force the cgi) looking for logical errors in it which can lead to a compromise (stuff like unchecked input so you can do host.com/cgi-bin/script.pl?../../../etc/passwd or something down those lines), but this is more of a code audit than a pen test, and requires deep knowledge of the language used for cgi's as well as more money on the customer's part.

hope this helps,
max

On Thu, 21 Jun 2001, David Fuller wrote:
My ISP has asked me to do a penetration test for them and I would like to get an overview of what I should do short of running Nessus and banging on their (IDS / Logs) door. I have gone over their network with a few scripts and knowledge I have picked up from the list and Security Focus and I have discovered all their class C address spaces; I have found two servers vulnerable to a Unicode exploit and from there was able to find out about a few hosts sitting behind an ACL / Firewall. Is there anything else I should be doing... like testing their firewall and seeing if I can scan the network behind it.

David.
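The unchecked-input CGI flaw max mentions (a script that opens whatever file name the query string supplies, so `../../../etc/passwd` walks out of the document directory) is exactly what the code audit he describes looks for. As an added example, not code from the thread, here is the containment check such a script should perform, in Python; the document directory, parameter values and file names are constructed for illustration.

```python
import os
from pathlib import Path
from typing import Optional

# Constructed example: a CGI-style script that serves files from one document
# directory. The directory and the file names below are assumptions.
BASE_DIR = Path("/var/www/docs")


def unchecked_path(base_dir: Path, requested: str) -> str:
    """The flaw from the thread: the query value is joined and used as-is.
    With requested = '../../../etc/passwd' this yields '/etc/passwd'."""
    return os.path.normpath(os.path.join(str(base_dir), requested))


def resolve_requested_file(base_dir: Path, requested: str) -> Optional[Path]:
    """Return the resolved path of `requested` inside `base_dir`, or None if it
    escapes. Catches '..' traversal, absolute paths and embedded NUL bytes."""
    if not requested or "\x00" in requested:
        return None
    base = base_dir.resolve()
    # An absolute input replaces `base` when joined; the containment check
    # below then rejects it because it no longer lies under `base`.
    candidate = (base / requested).resolve()
    # Use relative_to, not str.startswith: a plain prefix test would also
    # accept a sibling such as /var/www/docs2 reached via '../docs2/file'.
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate


def is_allowed(requested: str) -> bool:
    """True when the request stays inside BASE_DIR."""
    return resolve_requested_file(BASE_DIR, requested) is not None


if __name__ == "__main__":
    for q in ["readme.txt", "../../../etc/passwd", "/etc/passwd", "../docs2/x"]:
        print(f"{q!r:24} unchecked -> {unchecked_path(BASE_DIR, q):20} "
              f"allowed={is_allowed(q)}")
```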