Penetration Testing mailing list archives
Re: Blind penetration testing
From: hofmemi () ey co za
Date: Wed, 3 Oct 2001 07:52:16 +0200
Sounds like you are on the right track. Use the following to identify their mail gateway, which is normally a good place to try to access their internal network, along with their web server (assuming this is not at a hosting farm somewhere):
dig domain mx in
Then do whois & nslookup on the domain.
whois domain () whois relevantwhoisserver net
nslookup
server therednsserver
set type=any
ls -d theredomain
Once that is done, I would suggest doing reverse DNS lookups on the C classes of the IPs you discovered above. I usually use ghba for this:
ghba X.X.X.0
Then try a couple of traceroutes to identify where their gateways / firewalls / servers are located. Good things to look out for here are whether their webserver is located in a DMZ or at a hosting facility.

good luck

Trey Mujakporue <tmujak@lucent.com>
10/02/2001 04:49 PM
Please respond to Trey Mujakporue
To: Pen-Test <pen-test () securityfocus com>
cc:
Subject: Blind penetration testing

I'm about to start work on a completely blind penetration test for a client. The only information I have been given is the company name. From this I can get their corporate web site and from there do a DIG for more company info and address ranges, after which I can start my reconnaissance. Question: can anyone out there offer any tips based on this scenario?

#include <signature.h>
://Trey Atarhe Mujakporue
://tmujak () ins com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/

______________________________________________________________________
Ernst & Young South Africa - http://www.ey.com/southafrica
WARNING: this e-mail contains confidential information and any unauthorised use or interception is illegal. If this e-mail is not intended for you, you may not copy, distribute or disclose the contents to anyone nor take any action in reliance on the content. If you receive this in error, please contact the sender and delete the material from any computer.
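The defender's side of the lookups described in this message, as an added example that is not part of the original post: a Python script that reads a DNS query log and flags zone-transfer requests from hosts other than known secondaries, and reverse-DNS sweeps of a single /24. The log format, addresses, allow-list and threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log in an assumed "time client qname qtype" layout;
# adapt the split in analyse() to your name server's real query log format.
SAMPLE_LOG = """\
07:52:01 198.51.100.7 example.com MX
07:52:15 198.51.100.7 example.com AXFR
07:52:16 192.0.2.53 example.com AXFR
07:52:40 203.0.113.9 10.2.0.192.in-addr.arpa PTR
07:52:41 203.0.113.9 11.2.0.192.in-addr.arpa PTR
""" + "".join(
    f"07:53:{i:02d} 198.51.100.7 {i}.2.0.192.in-addr.arpa PTR\n" for i in range(1, 31)
)

ALLOWED_XFER = {"192.0.2.53"}   # hypothetical secondary allowed to transfer the zone
SWEEP_THRESHOLD = 20            # assumed: distinct PTR names in one /24 per client


def ptr_network(qname):
    """Return the /24 an IPv4 reverse name falls in, or None if it is not one."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        addr = ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    except ValueError:
        return None
    return ipaddress.ip_network(f"{addr}/24", strict=False)


def analyse(log):
    """Return (kind, client, detail) alerts for the given log text."""
    alerts, swept = [], defaultdict(set)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                      # skip malformed lines
        _, client, qname, qtype = parts
        if qtype.upper() == "AXFR" and client not in ALLOWED_XFER:
            alerts.append(("zone-transfer", client, qname))
        elif qtype.upper() == "PTR":
            net = ptr_network(qname)
            if net is not None:
                swept[(client, net)].add(qname.lower())
    for (client, net), names in swept.items():
        if len(names) >= SWEEP_THRESHOLD:
            alerts.append(("ptr-sweep", client, str(net)))
    return alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(alert)
```

On an authoritative server the client address logged for PTR queries may be a recursive resolver rather than the originating host, so treat the sweep alert as a prompt to correlate with other logs.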
Current thread:
- Blind penetration testing Trey Mujakporue (Oct 02)
- Re: Blind penetration testing Meritt James (Oct 04)
- RE: Blind penetration testing Jim Becher (Oct 04)
- <Possible follow-ups>
- RE: Blind penetration testing Sanchez, Scott (Oct 04)
- Re: Blind penetration testing hofmemi (Oct 04)
- Re: Blind penetration testing Ilici Ramirez (Oct 04)
- Re: Blind penetration testing Andrew Simmons (Oct 04)
- RE: Blind penetration testing Grab Raham (Oct 04)