Penetration Testing mailing list archives

Re: [PEN-TEST] First step of a pen-test


From: "van der Kooij, Hugo" <Hugo.van.der.Kooij () CAIW NL>
Date: Tue, 19 Sep 2000 23:36:45 +0200

On Mon, 18 Sep 2000, Christopher M. Bergeron wrote:

What is the industry norm for _beginning_ a pen-test after the contract has been made?  Would one first map the 
network?  Try to war-dial the exchange for possible remote (pcanywhere, etc.) access machines?  VRFY email addresses 
to look for user logins?  Is it typical to ask for information about the network (i.e. network architecture) 
beforehand, or do most pen-tests start "blindly" and do the network reconnaissance?

People tend to hand out business cards. So you have things like telephone
numbers, email address, company name.

After that it's digging and following threads.

In my opinion you should document these steps and show them how easily you
can obtain most information.

Nameservers that allow anyone to do a zone transfer are extremely good
sources for mapping out the information.

Basically ANY source of information is usable. Just document and explain
to the customer how you established your map. Don't dismiss the effect of
social engineering in gathering a load of info.

For example: call someone in the MIS department and ask them what info you
should add to the new router/switch/.... you are installing to make it
manageable from their network management, and BTW can you give me an IP
address so we can hook it up next week and deliver it turn-key to
you? (Nice if you know the name of someone who just doesn't happen to be
in the office and would be involved with such jobs, so the request seems
to be valid.)

Hugo.

--
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ  Maasland
hvdkooij () caiw nl     http://home.kabelfoon.nl/~hvdkooij/
--------------------------------------------------------------
Quoting this tagline is illegal! (http://www.dtcc.edu/cs/rfc1855.html)


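The zone-transfer check Hugo mentions, as an added example that is not part of the original post: a stdlib-only Python probe that asks a nameserver for an AXFR over TCP, reports whether the request was refused or answered, and folds the answer into a hostname-to-address map. The server and zone names (ns1.example.test, example.test) and the sample response are constructed for illustration, not taken from the thread.

```python
# Added example, not code from the original post; server and zone names are assumptions.
import socket
import struct

QTYPE_AXFR = 252
RTYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 28: "AAAA"}
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}

def encode_name(name):
    """Dotted name -> wire format: length-prefixed labels, zero terminator."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_axfr_query(zone, qid=0x1234):
    """12-byte header with one question, then QNAME / QTYPE=AXFR / QCLASS=IN."""
    return struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0) + encode_name(zone) + struct.pack("!HH", QTYPE_AXFR, 1)

def decode_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, end = [], None
    for _ in range(128):                         # bound guards against pointer loops
        length = msg[offset]
        if length & 0xC0 == 0xC0:                # 11xxxxxx: compression pointer
            end = offset + 2 if end is None else end   # caller resumes after the first pointer
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    else:
        raise ValueError("compression pointer loop")
    return ".".join(labels) + ".", (offset if end is None else end)

def parse_rdata(msg, rtype, off, rdlen):
    if rtype in (1, 28):                         # A / AAAA
        return socket.inet_ntop(socket.AF_INET if rtype == 1 else socket.AF_INET6, msg[off:off + rdlen])
    if rtype in (2, 5):                          # NS / CNAME: a single name
        return decode_name(msg, off)[0]
    if rtype == 6:                               # SOA: mname, rname, serial, ...
        mname, off = decode_name(msg, off)
        rname, off = decode_name(msg, off)
        return "%s %s serial=%d" % (mname, rname, struct.unpack("!I", msg[off:off + 4])[0])
    return msg[off:off + rdlen].hex()

def parse_message(msg):
    """One DNS message -> (rcode, [(owner, type, ttl, rdata), ...])."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    records, offset = [], 12
    for _ in range(qd):                          # skip the echoed question section
        offset = decode_name(msg, offset)[1] + 4
    for _ in range(an + ns + ar):
        owner, offset = decode_name(msg, offset)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        records.append((owner, RTYPE_NAMES.get(rtype, str(rtype)), ttl, parse_rdata(msg, rtype, offset, rdlen)))
        offset += rdlen
    return flags & 0x000F, records

def zone_transfer(server, zone, timeout=10.0):
    """AXFR over TCP (each message carries a 2-byte length prefix). Returns (status, records): 'ALLOWED'
    when the server hands over the zone bracketed by two SOAs, else the rcode name (normally 'REFUSED')."""
    query = build_axfr_query(zone)
    records, soa_seen = [], 0
    with socket.create_connection((server, 53), timeout=timeout) as sock, sock.makefile("rb") as rfile:
        sock.sendall(struct.pack("!H", len(query)) + query)
        while soa_seen < 2:
            prefix = rfile.read(2)
            if len(prefix) < 2:
                raise ConnectionError("server closed the connection mid-transfer")
            rcode, recs = parse_message(rfile.read(struct.unpack("!H", prefix)[0]))
            if rcode != 0 or not recs:
                return RCODE_NAMES.get(rcode, str(rcode)), records
            records.extend(recs)
            soa_seen += sum(1 for r in recs if r[1] == "SOA")
    return "ALLOWED", records

def host_map(records):
    """{hostname: [addresses]} from the A/AAAA records: the map the post talks about."""
    hosts = {}
    for owner, rtype, _, rdata in records:
        if rtype in ("A", "AAAA"):
            hosts.setdefault(owner, []).append(rdata)
    return hosts

def build_sample_response():
    """Constructed AXFR answer for the made-up zone example.test (not captured from any real server)."""
    zone_ptr = b"\xc0\x0c"                       # compression pointer to the QNAME at offset 12
    rr = lambda owner, rtype, ttl, rdata: owner + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    soa = rr(zone_ptr, 6, 3600, b"\x03ns1" + zone_ptr + b"\x0ahostmaster" + zone_ptr
             + struct.pack("!IIIII", 2000091801, 3600, 900, 604800, 86400))
    answers = [soa, rr(zone_ptr, 2, 3600, b"\x03ns1" + zone_ptr),
               rr(b"\x03ns1" + zone_ptr, 1, 3600, socket.inet_aton("192.0.2.1")),
               rr(b"\x03www" + zone_ptr, 1, 300, socket.inet_aton("192.0.2.10")),
               rr(b"\x03www" + zone_ptr, 28, 300, socket.inet_pton(socket.AF_INET6, "2001:db8::10")),
               rr(b"\x04mail" + zone_ptr, 1, 300, socket.inet_aton("192.0.2.25")), soa]
    header = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, len(answers), 0, 0)
    return header + encode_name("example.test.") + struct.pack("!HH", QTYPE_AXFR, 1) + b"".join(answers)
```

Run it as `zone_transfer("ns1.example.test", "example.test")` against a server you are authorised to test: a correctly restricted server answers REFUSED (or NOTAUTH) and hands over nothing, while an open one returns ALLOWED with the whole zone, which is the host map the post describes and the finding to document for the customer. `build_sample_response()` exercises the parser offline on the constructed answer, including compression pointers and the closing SOA that terminates a transfer.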