Metasploit mailing list archives

Re: The Perfect Pen Test? Your opinions?


From: Mihail.Vlasov at mdmbank.com (Vlasov Mihail)
Date: Fri, 23 Jan 2009 21:27:40 +0300

Metasploit - better pen-testing tools. We used those for solving problems in a monitoring system, when we needed to decide who was right - the monitoring system or the vendors...

Thanks HD Moore.

----- Original Message -----
From: Robin Wood <dninja at gmail.com>
Sent: 23 January 2009 19:09
To: Mr Gabriel <angelisonline at gmail.com>
Cc: framework at spool.metasploit.com <framework at spool.metasploit.com>
Subject: Re: [framework] The Perfect Pen Test? Your opinions?

2009/1/23 Mr Gabriel <angelisonline at gmail.com>:
Dear All,

Thanks for taking the time to read this message. First off - I'd like to say
to HD Moore and co: keep up the damn fine work, and also to everyone on this
list who helps others who have issues (and I mean MSF-based issues, not
"my wife left me because she caught me in my PA" type issues :) ).
I've been trying for a long time to get my head around pen testing, and for
me it's not too much of a problem to understand; I usually explain it in
these four steps:

1. Take a look around the network to find as many end points as possible.
2. Take a look at each end point to see what services are running on which
ports.
3. Match the service, service version, port, and OS to a known vulnerability.
4. Make use of the vulnerability, hence proving a security breach/hole/issue.
(I know this is a fifth step, but you could also use fuzzing if no prior
known vulnerability exists.)

Now, I've had numerous discussions with people who think there is much more
to pentesting than what I just stated, and my argument is that, unless I
already have a target in mind, how can I be more specific? It was at that
point I realised that people tend to have personal approaches to a pen test
rather than a general approach - which leads me to my question: what would
be your perfect pen test approach? Personally, I think the steps I have
outlined are the best principle you can follow, but I will be delighted if
someone could not only prove me wrong, but improve on it :)
The scenario is as follows:
You are presented with an unknown network; you have no prior knowledge,
other than the fact that it is an IPv4 based network. You must prove that it
has the potential to be compromised - what are your steps?

I'd say you were missing quite a bit; what about reconnaissance?
Google hacking, metadata gathering and all that? You don't have to
have a vulnerability if you can find a password file sitting on Google and
just walk in through the front door.

There are other things such as brute forcing for passwords, checking
out web applications for vulnerabilities (this is different to
checking for vulnerabilities in the service running on port 80), social
engineering/targeted phishing attacks; the list goes on.

Robin
_______________________________________________
http://spool.metasploit.com/mailman/listinfo/framework