Penetration Testing mailing list archives

RE: Corporate Intranet

From: "Michelli, Geoff" <Geoff.Michelli () SPR DOE GOV>
Date: Tue, 28 Apr 2009 07:27:04 -0500

I've done several of those.  It usually involved getting access to their external router and creating a static route 
and a NAT rule from my external IP to their internal network. 
I've also done some pen tests where I was able to gather vpn login credentials, and used those to gain internal LAN 
access.

In all of the cases where I've gained internal access, it involved poor security practices by the IT department.  
Default passwords, poor patching of appliances like routers and firewalls, etc...




-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of iadcc
Sent: Monday, April 27, 2009 1:45 PM
To: pen-test () securityfocus com
Subject: Corporate Intranet


Has anybody done a penetration test, in trying to access a companies
corporate intranet, from outside the Network? If so can you give me some
pointers how you attempted to do so?
-- 
View this message in context: http://www.nabble.com/Corporate-Intranet-tp23262533p23262533.html
Sent from the Penetration Testing mailing list archive at Nabble.com.


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Tired of using other people's tools? Why not learn how to write your own exploits? 
InfoSec Institute's Advanced Ethical Hacking class teaches you how to write stack and heap buffer overflow exploits for 
Windows and Linux. Gain your Certified Expert Penetration Tester (CEPT) cert as well. 

http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Tired of using other people's tools? Why not learn how to write your own exploits?
InfoSec Institute's Advanced Ethical Hacking class teaches you how to write stack and heap buffer overflow exploits for 
Windows and Linux. Gain your Certified Expert Penetration Tester (CEPT) cert as well.

http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html
------------------------------------------------------------------------

Current thread:

Corporate Intranet iadcc (Apr 27)
- RE: Corporate Intranet Michelli, Geoff (Apr 28)
- Re: Corporate Intranet Christian Eric Edjenguele (Apr 28)
- Re: Corporate Intranet Adriel T. Desautels (Apr 30)
  - Re: Corporate Intranet Jeremy Brown (Apr 30)
- Re: Corporate Intranet Aarón Mizrachi (Apr 30)
  - Re: Corporate Intranet Zack Payton (Apr 30)