Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Pen testing techniques

from [Shenk, Jerry A] Network Security [Permanent Link]
Subject: RE: Pen testing techniques
Date: Wed, 9 Apr 2008 16:18:51 -0400 
Well, for starters, I'd never tell anybody that "there are no
vulnerabilities" unless perhaps the computer was powered off, all cables
cut, the hard drive melted down and buried in tons of concrete under a
dam...maybe;)

You might want to manually test the web site and see if you can find
anything.  Any tool is only as good as a tool can be...it can't put
things together like a human brain can so you might see some little
think that will turn into a big thing.

How about doing some manual reconnaissance?  Check out their DNS scope,
see if they've posted any router configs on the internet (I actually
found one once...wow!!).  What e-mail addresses can you find on the
internet?  Does the web server leak any internal information?  ...that
might not be an immediately exploitable tidbit but it's still
information that you could give them to help them make their security a
little bit better.  Did you figure out what kind of router and firewall
they have?  What's the makeup of this web site - any interesting static
content, how about any sample code laying around.

One thing you can do with CORE is generate some e-mails or just the
attachments that you can send to them.  If they have an older version of
acrobat (not unreasonably old either), maybe you can get an agent
installed on a box on the inside.  You'll probably need a lab to play
with that idea a bit before you start throwing e-mails
around...actually, you probably ought to play with all this stuff before
you start throwing packets around.

Oh, on the e-mail idea...what mail server are they running?  What mail
clients?  Don't know, send a few e-mails and see if you can get a
response.  Check out the headers and see what you can learn.

You might want to check out a few other tools too.  CORE does a ton of
stuff but there are a lot of other tools out there.  The best tool is
your brain...use it to understand your victim (client).

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Atif Azim
Sent: Wednesday, April 09, 2008 3:49 PM
To: pen-test@securityfocus.com
Subject: Pen testing techniques

Hello,
I am new to pen testing and am currently involved in doing an external
pen test for one of our clients.We are doing it through Core
Impact.Reconnaisance showed only port 80 as open and the web server
running IIS 6.0.Core Impact did not find any vulnerabilities in the
server and hence was unable to penetrate.The web application was also
tested for SQL Injection and PHP remote file inclusion and did not
find any vulnerabilities there either.

My question is what else can we do besides relying on Core Impact for
this pen test.And what impression can a client get if we say to them
that there are no vulnerabilites in your network or web app.Its
dificult to digest something like that for a security specialist that
everythings alright.

Looking forward to some great views.Thanks.

Regards,
Atif Azim

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


**DISCLAIMER
This e-mail message and any files transmitted with it are intended for the use 
of the individual or entity to which they are addressed and may contain 
information that is privileged, proprietary and confidential. If you are not 
the intended recipient, you may not use, copy or disclose to anyone the message 
or any information contained in the message. If you have received this 
communication in error, please notify the sender and delete this e-mail 
message. The contents do not represent the opinion of D&E except to the extent 
that it relates to their official business.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Pen testing techniques, Atif Azim
Next by Date:  Re: Computer Security Videos, Hugo Fortier
Previous by Thread:  Pen testing techniques, Atif Azim
Next by Thread:  Re: Pen testing techniques, Nathan Sportsman
Indexes:  [Date] [Thread] [Top] [All Lists]