Penetration Testing mailing list archives

Re: [PEN-TEST] 2 quick questions


From: Talisker <Talisker () NETWORKINTRUSION CO UK>
Date: Fri, 15 Dec 2000 23:40:05 -0000

2 quick answers

Firstly, routers: if you can get into one there are many possibilities open
to you, which will allow you to do a great deal.  CAUTION, if you don't know
what you are doing you can really do some serious damage to their network,
therefore tread carefully.  I have a short Cisco router checklist on my
website; there are also links to some good security info from the Cisco site
that's worth looking at.  But don't play, get someone in who knows them, or
preferably prove you have them and leave it at that, and tell the clients what
you could have done.

Secondly, Social Engineering: IMHO it's best to advise the client.  For
example, being paranoid as I am, possibly like some of your targets, I
consider the possibility that every phone call is a potential adversary
engineering me (ok, I need to get out more).  So when someone asks me what IDS
I'm running and I don't know who they are, I set about investigating and
advising others.  I've seen situations like this get out of hand and the
authorities get called in.  By advising the management they can stop
situations escalating beyond local control, though you run the risk of
management giving staff the heads up about your intentions, especially if
the management is being tested on their performance by their bosses.  As
for mass emailing a trojan, this is going to unnecessary extremes, creating
the very vulnerabilities that you should be identifying; far better to write
a basic harmless script that will notify you as to who has activated an
unknown .exe, e.g. if it's an NT network a "net send" to a specific
workstation.  Not quite related, but I enjoyed it all the same: a guy left
his workstation unattended, and in his absence someone wrote an email on his
behalf to everyone in the company about how he was coming out of the closet
and wished to be known as Mary at weekends.  Whilst I would never recommend
doing this to anyone, the person concerned always logged off from then on.

Andy (Mary)  just kidding
http://www.networkintrusion.co.uk
Talisker's Network Security Tools List
                    '''
                 (0 0)
  ----oOO----(_)----------
  | The geek shall        |
  |  Inherit the earth     |
  -----------------oOO----
               |__|__|
                  || ||
              ooO Ooo
talisker () networkintrusion co uk

The opinions contained within this transmission are entirely my own, and do
not necessarily reflect those of my employer.

----- Original Message -----
From: "Leon Rosenstein" <l_rosenstein () MONTELSHOW COM>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Friday, December 15, 2000 2:55 PM
Subject: [PEN-TEST] 2 quick questions


Hi everyone, I was curious about two things as far as pen testing goes.

First, I was curious about routers: if a network has a router (a hardware
one, not a computer running Linux or NT), is there anything to be gained
from breaking into the router through one of the remote administration
points?  Is this thus a fruitless exercise, or is there something to show the
customer or gain yourself if you are auditing your network's security?

Second, I was curious about social engineering.  Is this considered "fair
play?"  Is it discussed in advance?  If you're allowed to do it, how far do
you take it?  Do you take it to the point where you do a mass mailing of BO or
Sub 7 to show the owners of the network how vulnerable they are to this flaw
(because isn't social engineering kind of a flaw even though it is a human
one?)  Or do you just stop with tricking them into revealing user names and
passwords?

I am not pen testing; I was just thinking about these things before I fell
asleep last night and I was curious.

Anyway public or private responses welcome.

Thanks.
