Penetration Testing mailing list archives
Re: Host discovery
From: YGN Ethical Hacker Group <lists () yehg net>
Date: Thu, 25 Feb 2010 17:12:10 +0800
Prepare to write a PHP script that logs all such requests to a log file and outputs a hidden image or an innocent-looking signature-like image. Better choose some probably non-technical employees and send them a link to a web page on which you deploy a list of browser-based discovery techniques like CSS/JS LAN scanning or Java Applet MAC address/internal IP address sniffing. Or put up a browser-based exploit that installs stealth malware which you can use for recon through to exploitation. Hopefully this depends on your Social Engineering skills and how aware employees are of SE attacks. Use Google Hacking/Public Forums/Job Posts so that you can gain clues about their internal systems.

YGN Ethical Hacker Group
Yangon, Myanmar
http://yehg.net

On Wed, Feb 24, 2010 at 4:33 AM, Ron Yount <rony () co island wa us> wrote:
> Embedded pictures in the email may work. It could even be extended to find out individual workstation IPs if each person is linked to a different picture. Then check the logs to see which pictures were opened.
>
> RY
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Oliver Kindernay
> Sent: Tuesday, February 23, 2010 11:25 AM
> To: pen-test () securityfocus com
> Subject: Re: Host discovery
>
> Yes, but when the company uses a webhosting mail server this won't work.
>
> 2010/2/23 Andrew MacPherson <andrewmohawk () gmail com>:
>> You could always look at simply sending a bounce mail, i.e., mailing thisaddressdoesntexist () organisation com, and then review the headers; often mail servers will leak information, especially if they are serving an internal environment.
>>
>> -AM
>>
>> On Tue, Feb 23, 2010 at 1:27 AM, Oliver Kindernay <oliver.kindernay () gmail com> wrote:
>>> Hi,
>>> Let's imagine this situation. Some small company has an internal network with some servers directly connected to the internet. The company's web is on webhosting. How can an attacker now identify the company's systems? I thought about something like sending an email to an employee with a link to a website which will log an IP address and hope the employee will click on that link at work. But what are some more passive methods for this?

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------