Penetration Testing mailing list archives

Re: An Amateur Pen-Test


From: max <max () neuropunks org>
Date: Fri, 22 Jun 2001 18:04:06 -0400 (EDT)

Try firewalk (www.packetfactory.net/firewalk/) for firewall and ACL tests.
Also, if you want to delve deeper into the fun of pentesting, try social
engineering (call them and lie, and try to get passwords to routers, etc),
and try trashing, if you have access to their premises.
Also, compromise a machine and set up a sniffer on it; this way you might
catch passwords/usernames, and recommend that they use ssl wrapping for most
services and ssh as remote access software. It is always a good thing to
compromise a host and show the customer how much damage a person with that
level of access can do to their site/business; besides setting up a
sniffer, this would also involve going through all of the data you have
access to on the compromised host, trying to find sensitive information
like their customer information, credit card numbers, etc.
If they use any sort of web scripting, like perl cgi's, it never hurts to
go through their code (or brute force the cgi) looking for logical errors
in it which can lead to a compromise (stuff like unchecked input so you
can do host.com/cgi-bin/script.pl?../../../etc/passwd or something along
those lines), but this is more of a code audit than a pen test, and
requires deep knowledge of the language used for cgi's as well as more money
on the customer's part.

hope this helps,

max

On Thu, 21 Jun 2001, David Fuller wrote:

My ISP has asked me to do a penetration test for them and I would like to
get an overview of what I should do short of running Nessus and banging on
their (IDS / Logs) door. I have gone over their network with a few scripts
and knowledge I have picked up from the list and Security Focus and I have
discovered all their class C address spaces, I have found two servers
vulnerable to a Unicode exploit and from there been able to find out about a few
hosts sitting behind an ACL / Firewall. Is there anything else I should be
doing... like testing their firewall and seeing if I can scan the network
behind it.

David.
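The unchecked CGI input max mentions above (a script that takes `../../../etc/passwd` as a file name) is a path-traversal bug. Here is an added illustration, not code from either poster: the unchecked lookup beside a hardened version that confines the resolved path to the document root. The document root `/var/www/docs` is an assumed, hypothetical value.

```python
import posixpath
from urllib.parse import unquote

# Assumption: the CGI script serves files from this document root (hypothetical).
DOC_ROOT = "/var/www/docs"


def unchecked_resolve(query: str) -> str:
    """The bug: the query string is joined to the document root as-is,
    so '../../../etc/passwd' walks straight out of the directory."""
    return posixpath.normpath(posixpath.join(DOC_ROOT, unquote(query)))


def safe_resolve(query: str):
    """Hardened lookup: URL-decode, normalise, and refuse anything that
    does not stay under DOC_ROOT. Returns the absolute path, or None
    when the request is rejected."""
    name = unquote(query)
    # Refuse absolute paths, NUL bytes and backslashes before joining;
    # an absolute name would otherwise replace the root entirely.
    if name.startswith("/") or "\x00" in name or "\\" in name:
        return None
    candidate = posixpath.normpath(posixpath.join(DOC_ROOT, name))
    root = DOC_ROOT.rstrip("/") + "/"
    # After normalisation every '..' has been collapsed, so a simple
    # prefix check on the root (with trailing slash) is sufficient.
    if not candidate.startswith(root):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests: one benign, two traversal attempts
    # (the second URL-encodes the dots, which the decode step undoes).
    for q in ("manual/index.html", "../../../etc/passwd",
              "%2e%2e/%2e%2e/%2e%2e/etc/passwd"):
        print(q, "->", unchecked_resolve(q), "|", safe_resolve(q))
```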

