Penetration Testing mailing list archives
RE: Pen testing techniques
From: "Shenk, Jerry A" <jshenk () decommunications com>
Date: Wed, 9 Apr 2008 16:18:51 -0400
Well, for starters, I'd never tell anybody that "there are no vulnerabilities" unless perhaps the computer was powered off, all cables cut, the hard drive melted down and buried in tons of concrete under a dam...maybe;) You might want to manually test the web site and see if you can find anything. Any tool is only as good as a tool can be...it can't put things together like a human brain can so you might see some little think that will turn into a big thing. How about doing some manual reconnaissance? Check out their DNS scope, see if they've posted any router configs on the internet (I actually found one once...wow!!). What e-mail addresses can you find on the internet? Does the web server leak any internal information? ...that might not be an immediately exploitable tidbit but it's still information that you could give them to help them make their security a little bit better. Did you figure out what kind of router and firewall they have? What's the makeup of this web site - any interesting static content, how about any sample code laying around. One thing you can do with CORE is generate some e-mails or just the attachments that you can send to them. If they have an older version of acrobat (not unreasonably old either), maybe you can get an agent installed on a box on the inside. You'll probably need a lab to play with that idea a bit before you start throwing e-mails around...actually, you probably ought to play with all this stuff before you start throwing packets around. Oh, on the e-mail idea...what mail server are they running? What mail clients? Don't know, send a few e-mails and see if you can get a response. Check out the headers and see what you can learn. You might want to check out a few other tools too. CORE does a ton of stuff but there are a lot of other tools out there. The best tool is your brain...use it to understand your victim (client). -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Atif Azim Sent: Wednesday, April 09, 2008 3:49 PM To: pen-test () securityfocus com Subject: Pen testing techniques Hello, I am new to pen testing and am currently involved in doing an external pen test for one of our clients.We are doing it through Core Impact.Reconnaisance showed only port 80 as open and the web server running IIS 6.0.Core Impact did not find any vulnerabilities in the server and hence was unable to penetrate.The web application was also tested for SQL Injection and PHP remote file inclusion and did not find any vulnerabilities there either. My question is what else can we do besides relying on Core Impact for this pen test.And what impression can a client get if we say to them that there are no vulnerabilites in your network or web app.Its dificult to digest something like that for a security specialist that everythings alright. Looking forward to some great views.Thanks. Regards, Atif Azim ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------ **DISCLAIMER This e-mail message and any files transmitted with it are intended for the use of the individual or entity to which they are addressed and may contain information that is privileged, proprietary and confidential. If you are not the intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received this communication in error, please notify the sender and delete this e-mail message. The contents do not represent the opinion of D&E except to the extent that it relates to their official business. ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Pen testing techniques Atif Azim (Apr 09)
- RE: Pen testing techniques Shenk, Jerry A (Apr 09)
- Re: Pen testing techniques Nathan Sportsman (Apr 09)
- Re: Pen testing techniques Jason (Apr 09)
- Re: Pen testing techniques jond (Apr 09)
- Re: Pen testing techniques Atif Azim (Apr 09)
- Re: Pen testing techniques Erik Harrison (Apr 11)
- Re: Pen testing techniques Joey Peloquin (Apr 11)
- Re: Pen testing techniques vtlists (Apr 11)
- Re: Pen testing techniques jond (Apr 09)
- Re: Pen testing techniques v3nd3rs5uck (Apr 11)
- RE: Pen testing techniques Jason (Apr 12)
- Re: Pen testing techniques Nathan Sportsman (Apr 12)