Penetration Testing mailing list archives
RE: Corporate Intranet
From: "Michelli, Geoff" <Geoff.Michelli () SPR DOE GOV>
Date: Tue, 28 Apr 2009 07:27:04 -0500
I've done several of those. It usually involved getting access to their external router and creating a static route and a NAT rule from my external IP to their internal network. I've also done some pen tests where I was able to gather vpn login credentials, and used those to gain internal LAN access. In all of the cases where I've gained internal access, it involved poor security practices by the IT department. Default passwords, poor patching of appliances like routers and firewalls, etc... -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of iadcc Sent: Monday, April 27, 2009 1:45 PM To: pen-test () securityfocus com Subject: Corporate Intranet Has anybody done a penetration test, in trying to access a companies corporate intranet, from outside the Network? If so can you give me some pointers how you attempted to do so? -- View this message in context: http://www.nabble.com/Corporate-Intranet-tp23262533p23262533.html Sent from the Penetration Testing mailing list archive at Nabble.com. ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Tired of using other people's tools? Why not learn how to write your own exploits? InfoSec Institute's Advanced Ethical Hacking class teaches you how to write stack and heap buffer overflow exploits for Windows and Linux. Gain your Certified Expert Penetration Tester (CEPT) cert as well. http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Tired of using other people's tools? Why not learn how to write your own exploits? InfoSec Institute's Advanced Ethical Hacking class teaches you how to write stack and heap buffer overflow exploits for Windows and Linux. Gain your Certified Expert Penetration Tester (CEPT) cert as well. http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html ------------------------------------------------------------------------
Current thread:
- Corporate Intranet iadcc (Apr 27)
- RE: Corporate Intranet Michelli, Geoff (Apr 28)
- Re: Corporate Intranet Christian Eric Edjenguele (Apr 28)
- Re: Corporate Intranet Adriel T. Desautels (Apr 30)
- Re: Corporate Intranet Jeremy Brown (Apr 30)
- Re: Corporate Intranet Aarón Mizrachi (Apr 30)
- Re: Corporate Intranet Zack Payton (Apr 30)