Penetration Testing mailing list archives

Re: Help - Can I do an external pen-test in this network?


From: Radu Oprisan <radu () securesystems ro>
Date: Fri, 07 Mar 2008 23:50:39 +0200

to.tushar () yahoo com wrote:
Hi,
I have just completed my classes of Penetration Testing and have been asked to do a project.
I have an option to do either external or internal pen test.

I can do an internal pen-test in one organization I've got, however, I am not sure how I can do an external pen-test in this scenario. The following is the network. Please tell me if I can do an external pentest in this case and where can I start.

You can never do an outside pen-test _after_ you have completed an inside one because you already have some information about what is going on in that network. If this is the case, step back and let somebody else do it.

Internet -> router / modem provided by ISP (only static IP in organization)-> Switch -> about 100 systems in internal network (pvt IPs). Webserver & mails are hosted on public server. Ping: success
Tried nmap: Host seems down. If it is really up, but blocking our ping probes, try -P0 (we are scanning a router here, so it won't work)

This depends on how far you are authorized to go and who is responsible for the router. If this is the ISP's job, you will need their consent in order for you to go "hacking" into their systems and you will most probably not get it. A router that provides Internet access by NAT can still be interesting for you, read below.

Is there any way I can get into this organization by doing an external pen-test? This is a small company into s/w development and uses only messengers to communicate with the outside world / clients etc. No major servers inside organization and none with pub IP address.

If there are any ports on the router forwarded to internal servers or workstations, you might have a way in. If there are not, but you do have permission to conduct social engineering, then you can try to lure some employees into some traps. The user is still the weakest link in the chain. Have you conducted a wireless scan of their headquarters? This can provide you with a way in if there is a wireless access point installed. Scenarios on how to do your job are endless, but you must have permission to put them in action.

If you need any more info, please lemme know. Regards,
Tushar


Cheers,
Radu Oprisan
