Penetration Testing mailing list archives
Re: Corporate Intranet
From: RaptorX <graptorx () gmail com>
Date: Sat, 2 May 2009 13:42:50 +0200
This is one of the best posts I have ever seen. Very descriptive. If you are still not sure what to do, you just have to do a minimal amount of extra research, because 90% of the most important information is right here.

@Jeremy Brown: I agree with you. Giving answers like the ones above without really confirming whether the person is a pen-tester, or at least doesn't have intentions to do some dark work, is in my opinion a little careless. In any case it is good that he wants to learn. Let's just hope he doesn't show up on the news as the latest caught e-thief...

On Wed, Apr 29, 2009 at 10:27 AM, Aarón Mizrachi <unmanarc () gmail com> wrote:
On Monday 27 April 2009 14:14:52 iadcc wrote:
Has anybody done a penetration test, in trying to access a company's corporate intranet, from outside the network? If so, can you give me some pointers on how you attempted to do so?

Indeed, there are various vectors of attack. But, generally, try this scheme.

1. Try to map or figure out how the network is laid out inside. There are many ways to do that. First of all, you must know where the public IP addresses of the company are. If you are under blackbox, try using Google and Maltego to identify useful information about the company. Another method is sending a legitimate request by email to a corporate email address and waiting for the reply; in the reply you may find useful information. Next, scan external services and possible IP addresses; sometimes there is useful information and information leakage on the external IP addresses.

2. When the map is done, do an exhaustive service scan and identification over all IP addresses involved, especially on routers. If you find exploits there (routers), all the work is done. If no success:

3. With the previous information, make a dictionary, and try brute-force attacks on sensitive services (VPN, router logins, whatever).

4. Try to exploit the found vulns (all depends on the updates and configuration of every service).
- On routers, many exploits involve downloading the config; if you are lucky, you will find the password there. Another option is to create a VPN user or a route/NAT entry.
- On a webserver (or similar), if the webserver is shared with the intranet, you may try to get access there. Then you may redirect your connections into the intranet with a VPN (like OpenVPN).
- On misconfigured proxies, a common mechanism is the "reverse proxy" method; remember that you need to know the internal IP address notation or brute-force it.
- On internet browsers combined with social engineering, you could try to identify and exploit browser bugs to put your reverse connection code inside the network.

5. If no success, you may try to use social engineering to put a trojan inside the network, then redirect your connections over the trojan. Outgoing traffic usually can be bypassed with systems like IODINE, or OpenVPN using port 443... To avoid IDS/IPS detection, you could use different IP addresses and delay timing policies.

And finally, this is a scheme to do that, but never the definitive guide to external pentesting. All depends on internal configuration, updates, management policies, and others.

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute
Tired of using other people's tools? Why not learn how to write your own exploits? InfoSec Institute's Advanced Ethical Hacking class teaches you how to write stack and heap buffer overflow exploits for Windows and Linux. Gain your Certified Expert Penetration Tester (CEPT) cert as well.
http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html
------------------------------------------------------------------------
--
======================================================================
"The shortest way to do many things is to do only one thing at a time."
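The first step in Aarón's scheme, mailing a legitimate request to a corporate address and reading what comes back, is worth seeing in code. The following is an added example, not code from either poster: it parses the Received: chain and client headers of a reply and pulls out the internal hostnames, RFC 1918 addresses and software versions that step 1 looks for, then turns the leaked addresses into the /24 ranges step 4's reverse-proxy trick needs instead of blind guessing. The message below is constructed (the example.com / pentester.example hosts, the relay names and the version strings are invented), and the list of "internal" name suffixes is a hypothetical choice.

```python
import email
import ipaddress
import re

# Constructed sample (not a real message): the auto-reply a corporate mailbox
# might send back.  Each hop prepends a Received: header, so reading the
# chain bottom-up walks from the sender's desktop out to the public MX.
SAMPLE_REPLY = """\
Received: from mx1.example.com (mx1.example.com [203.0.113.10])
    by mail.pentester.example (Postfix) with ESMTPS id 4F3A2
    for <tester@pentester.example>; Wed, 29 Apr 2009 10:30:01 +0200
Received: from exch01.corp.example.local (exch01.corp.example.local [10.1.20.15])
    by mx1.example.com (8.14.3/8.14.3) with ESMTP id n3T8U1xx
    for <tester@pentester.example>; Wed, 29 Apr 2009 10:29:58 +0200
Received: from WKS-HR-042 ([192.168.4.77]) by exch01.corp.example.local
    with Microsoft SMTPSVC(6.0.3790.4675); Wed, 29 Apr 2009 10:29:55 +0200
From: Human Resources <hr@example.com>
To: tester@pentester.example
Subject: Re: Job application
X-Mailer: Microsoft Office Outlook 12.0
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4325
Message-ID: <0123456789ABCDEF@exch01.corp.example.local>

Thank you for your interest. We will be in touch.
"""

# "from <host> (<comment>) by <host>" is the shape every MTA writes; the
# comment usually carries the reverse-DNS name and the literal IP in brackets.
RECEIVED_RE = re.compile(r"from\s+(\S+)(?:\s+\(([^)]*)\))?\s+by\s+(\S+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
SOFTWARE_RE = re.compile(
    r"(Postfix|Sendmail|Exim|Microsoft SMTPSVC\([^)]*\)|Microsoft Exchange)", re.I)
# Hypothetical list of name suffixes treated as internal-only.
INTERNAL_SUFFIXES = (".local", ".lan", ".internal", ".corp")
# Explicit RFC 1918 ranges: ipaddress's is_private also flags documentation
# ranges such as 203.0.113.0/24, which would misclassify a public MX.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr parses as an IPv4 address inside an RFC 1918 block."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)


def parse_received_chain(raw):
    """Return one dict per Received: header, top of message first."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        value = " ".join(value.split())          # unfold continuation lines
        m = RECEIVED_RE.search(value)
        if not m:
            continue                             # non-standard hop, skip it
        from_host, comment, by_host = m.group(1), m.group(2) or "", m.group(3)
        ip_match = IP_RE.search(comment) or IP_RE.search(from_host)
        hops.append({
            "from_host": from_host.strip("[]"),
            "from_ip": ip_match.group(1) if ip_match else None,
            "by_host": by_host,
            "software": SOFTWARE_RE.findall(value),
        })
    return hops


def extract_leaks(raw):
    """Pull internal addresses, hostnames and software versions out of a reply."""
    msg = email.message_from_string(raw)
    hops = parse_received_chain(raw)
    private_ips, internal_hosts = [], set()
    for hop in hops:
        if hop["from_ip"] and is_rfc1918(hop["from_ip"]):
            private_ips.append(hop["from_ip"])
            internal_hosts.add(hop["from_host"])  # the name paired with a private address
        for host in (hop["from_host"], hop["by_host"]):
            if host.lower().endswith(INTERNAL_SUFFIXES):
                internal_hosts.add(host)
    # Exchange-style Message-IDs are stamped with the generating server's FQDN.
    msg_id = msg.get("Message-ID", "")
    if "@" in msg_id:
        domain = msg_id.rstrip(">").split("@", 1)[1]
        if domain.lower().endswith(INTERNAL_SUFFIXES):
            internal_hosts.add(domain)
    software = sorted({s for hop in hops for s in hop["software"]})
    for header in ("X-Mailer", "X-MimeOLE", "User-Agent"):  # client fingerprints
        if msg.get(header):
            software.append(f"{header}: {msg[header]}")
    return {"hops": hops, "private_ips": private_ips,
            "internal_hosts": sorted(internal_hosts), "software": software}


def candidate_subnets(private_ips, prefix=24):
    """Turn leaked addresses into the /24s to try first when a reverse proxy
    or pivot needs an internal target range, instead of guessing blind."""
    return sorted({str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
                   for ip in private_ips})


if __name__ == "__main__":
    leaks = extract_leaks(SAMPLE_REPLY)
    for hop in leaks["hops"]:
        print(f"{hop['from_host']:28} {hop['from_ip'] or '-':15} -> {hop['by_host']}")
    print("RFC 1918 addresses:", leaks["private_ips"])
    print("internal hosts:    ", leaks["internal_hosts"])
    print("software:          ", leaks["software"])
    print("subnets to try:    ", candidate_subnets(leaks["private_ips"]))
```

Run it against a real reply by replacing SAMPLE_REPLY with the raw source of the message. The top Received: line is the only one your own MTA wrote; everything below it was stamped by the target's relays and is the part worth reading, bearing in mind that any hop can be forged by the sender but rarely is in an automated reply.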
Current thread:
- Re: Corporate Intranet RaptorX (May 04)
- <Possible follow-ups>
- Re: Corporate Intranet Adriel T. Desautels (May 07)
- Re: Corporate Intranet Steve Pinkham (May 07)
- [Tools update] The Security-Database Watch Newsletter -- v20090511 SD List (May 14)