Penetration Testing mailing list archives
Re: Blind penetration testing
From: hofmemi () ey co za
Date: Wed, 3 Oct 2001 07:52:16 +0200
Sounds like you are on the right track: use the following to identify their mail gateway, which is normally a good place to try to access their internal network along with their web server (assuming this is not at a hosting farm somewhere):

dig domain mx in

Then do whois and nslookup on the domain:

whois domain@whois.relevantwhoisserver.net
nslookup
server theirdnsserver
set type=any
ls -d theirdomain

Once that is done I would suggest doing reverse DNS lookups on the C classes of the IPs you discovered above. I usually use ghba for this:

ghba X.X.X.0

Then try a couple of traceroutes to identify where their gateways / firewalls / servers are located. Good things to look out for here are whether their web server is located in a DMZ or at a hosting facility.
good luck
Trey
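The reply above describes what a DNS footprint of a domain reveals: its MX hosts, the /24 ("C class") networks those hosts resolve into, and whether the web server shares a network with them. The same footprint is what an organisation should review about itself before a blind test starts, because anything the tester can enumerate has been visible to everyone else all along. The script below is an added example written for this archive page; it is not code from either poster. It parses a constructed `dig domain mx` answer section, groups constructed resolved addresses into /24 networks, and flags MX hosts outside the organisation's own domain (third-party relays in the mail path). All hostnames, addresses and the `example.com`/`example.net` names are constructed sample data; no network lookups are performed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of the answer section printed by `dig example.com mx`.
# Format per line: owner  TTL  class  type  preference  exchange
SAMPLE_DIG_MX = """\
;; ANSWER SECTION:
example.com.        3600    IN      MX      10 mail1.example.com.
example.com.        3600    IN      MX      20 mail2.example.com.
example.com.        3600    IN      MX      30 backup.example.net.
"""

# Constructed A-record results for the MX hosts and the public web server.
SAMPLE_ADDRESSES = {
    "mail1.example.com": "192.0.2.10",
    "mail2.example.com": "192.0.2.11",
    "backup.example.net": "198.51.100.7",
    "www.example.com": "192.0.2.80",
}

MX_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+MX\s+(\d+)\s+(\S+)\s*$")


def parse_mx(dig_output):
    """Return [(preference, exchange_host), ...] sorted by preference.

    Comment lines (starting with ';') and non-MX lines are skipped, and the
    trailing dot of the fully qualified exchange name is removed.
    """
    records = []
    for line in dig_output.splitlines():
        if line.startswith(";"):
            continue
        match = MX_LINE.match(line)
        if match:
            records.append((int(match.group(3)), match.group(4).rstrip(".")))
    return sorted(records)


def external_mx_hosts(mx_records, own_domain):
    """MX exchanges that are not under own_domain: mail for the domain passes
    through infrastructure the organisation does not control."""
    suffix = "." + own_domain.lower()
    return sorted(host for _, host in mx_records
                  if not host.lower().endswith(suffix) and host.lower() != own_domain.lower())


def group_by_slash24(addresses):
    """Map each /24 network to the sorted list of hosts seen inside it.

    strict=False lets ipaddress derive the network from a host address, so
    '192.0.2.10/24' becomes 192.0.2.0/24. The resulting networks are the
    ranges a reverse-DNS sweep (the ghba step in the reply) would cover.
    """
    groups = defaultdict(list)
    for host, ip in addresses.items():
        network = ipaddress.ip_network(f"{ip}/24", strict=False)
        groups[str(network)].append(host)
    return {net: sorted(hosts) for net, hosts in sorted(groups.items())}


def web_shares_network_with_mail(addresses, web_host, mx_records):
    """True if the web server sits in the same /24 as at least one MX host,
    which answers the reply's DMZ-versus-hosting-facility question."""
    groups = group_by_slash24(addresses)
    mx_hosts = {host for _, host in mx_records}
    for hosts in groups.values():
        if web_host in hosts and mx_hosts.intersection(hosts):
            return True
    return False


if __name__ == "__main__":
    mx = parse_mx(SAMPLE_DIG_MX)
    print("MX records:", mx)
    print("External relays:", external_mx_hosts(mx, "example.com"))
    print("/24 networks:", group_by_slash24(SAMPLE_ADDRESSES))
    print("Web server shares a /24 with mail:",
          web_shares_network_with_mail(SAMPLE_ADDRESSES, "www.example.com", mx))
```

Run against real `dig` output, the parser is unchanged; only `SAMPLE_ADDRESSES` needs to be replaced by actual A-record lookups for the MX and web hosts. A /24 that contains both the web server and the mail gateways is the "in a DMZ" case from the reply; mail hosts in a different provider's range point at a hosting facility or a third-party relay.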
From: Trey Mujakporue <tmujak@lucent.com>
Date: 10/02/2001 04:49 PM
To: Pen-Test <pen-test () securityfocus com>
cc:
Subject: Blind penetration testing
Please respond to Trey Mujakporue
I'm about to start work on a completely blind penetration test for a client. The only information I have been given is the company name. From this I can get their corporate web site and from there do a DIG for more company info and address ranges, after which I can start my reconnaissance.

Question: can anyone out there offer any tips based on this scenario?
#include <signature.h>
://Trey Atarhe Mujakporue
://tmujak () ins com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/