Re: Pen testing techniques

["Rafael Nuñez" <rafa () box sk>]

Mr. Atif,

You should go beyond a pentest software tool, vulnerability testing
may result in many false positive scores, or it may not detect certain
types of problems that are beyond the detection capabilities of the
Core Impact . We are aware about your motivation to figure out your
attack result and to develop a footprint of the target network. Some
of the things that might be useful for you to learn are network
address ranges, other host names, applications exposed on those hosts,
operating systems and application version information , which you are
already getting from the banner server services and can be altered.
Have you tried passive methods such as netcraft.com for a second
opinion? What about patch state of both the host and applications?,
Structure of the applications and back-end severs... which leads to
SQL injections, RFI and XSS attacks, have you tried to check more
elements at www.sectools.org ?

Don't get frustrated with your pentest if it is just for one tool
result. All platforms are securable, but all networks are exploitable
if they are not designed and implemented carefully. Poor
implementation is always poor implementation, regardless of the
underlying platform.

Try to get some hardcore 0day coder in order to help you out by
ethically exploiting the target and please don't forget social
engineering, making a phone call probably could get you more
information than getting stuck on CI sending some packets out.

Good luck Sir.

-rafa
CEO
www.cpiu.us
www.intelicorps.com
www.enfoqueseguro.com


On Wed, Apr 9, 2008 at 12:48 PM, Atif Azim <azim.atif () gmail com> wrote:
> Hello,
>  I am new to pen testing and am currently involved in doing an external
>  pen test for one of our clients.We are doing it through Core
>  Impact.Reconnaisance showed only port 80 as open and the web server
>  running IIS 6.0.Core Impact did not find any vulnerabilities in the
>  server and hence was unable to penetrate.The web application was also
>  tested for SQL Injection and PHP remote file inclusion and did not
>  find any vulnerabilities there either.
>
>  My question is what else can we do besides relying on Core Impact for
>  this pen test.And what impression can a client get if we say to them
>  that there are no vulnerabilites in your network or web app.Its
>  dificult to digest something like that for a security specialist that
>  everythings alright.
>
>  Looking forward to some great views.Thanks.
>
>  Regards,
>  Atif Azim
>
>  ------------------------------------------------------------------------
>  This list is sponsored by: Cenzic
>
>  Need to secure your web apps NOW?
>  Cenzic finds more, "real" vulnerabilities fast.
>  Click to try it, buy it or download a solution FREE today!
>
>  http://www.cenzic.com/downloads
>  ------------------------------------------------------------------------



-- 
---------------------------------------------------------------------------------------------------------------
The contents of this message, including the attachments, are confidential and
are to the designated recipient only. The print out, verbal or electronic
distribution and disclosure has to be authorized by the sender. If you are not
the designated recipient, it's prohibited the total or partial use of this
information.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------