Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Pen testing techniques

from [jond] Network Security [Permanent Link]
Subject: Re: Pen testing techniques
Date: Wed, 9 Apr 2008 18:00:30 -0400 
I agree with everyone above training is more important that the tool
used. Core is an incredible tool, but it CAN'T be used alone.
My FIRST question would be what is the web app, and what version.
My SECOND question would be, is port 80 really the only thing open.

Did they know about the pentest in advance?


Jon



On Wed, Apr 9, 2008 at 5:11 PM, Jason <securitux@gmail.com> wrote:

Oh boy... let me intercept this before some others do, lol.

 You cannot rely on Core or any one tool for a pen test AT ALL. It's a
 great tool but there is SO much more to pen testing than relying on
 one single tool, in fact that is the cardinal sin. You need to follow
 a methodology and use an array of tools and manual techniques to make
 sure the test is thorough. When I do a web app pen test, the tools
 never find some of the nastiness that I do manually. Never. Web apps
 are a curious breed because they are usually custom coded in some way
 so every single one is different, making standard tools less useful.

 I am not surprised by your Core Impact results, it is a great tool but
 they are new to the web app game, and it hasn't been thoroughly
 developed yet. No fault of theirs, it just hasn't matured the way
 others have. For web apps I prefer a web app vulnerability scanner
 like Cenzic Hailstorm for the automated dumb stuff like XFS / XSS and
 basic authentication bypass. You definitely need to do manual checks,
 regardless of what the tools find. Try some injections and
 authentication bypass techniques, and, well, everything else too.
 Might want to do a search for the OWASP guide, they have great info on
 web app testing.

 Besides all this, have you used anything like nmap to find open ports
 and verify your results? Perhaps Core missed something. Is a stealth
 approach required to emulate a malicious hacker and therefore your
 checks need to be quiet and evade detection?

 I highly recommend if you are new to this to take a course or at least
 get some good books. A person really can't jump into pen testing like
 they can jump into product deployment / administration.

 Might want to search this list as well, you will find some helpful
 information I am sure.

 Good luck.

 -J



 On Wed, Apr 9, 2008 at 3:48 PM, Atif Azim <azim.atif@gmail.com> wrote:
 > Hello,
 >  I am new to pen testing and am currently involved in doing an external
 >  pen test for one of our clients.We are doing it through Core
 >  Impact.Reconnaisance showed only port 80 as open and the web server
 >  running IIS 6.0.Core Impact did not find any vulnerabilities in the
 >  server and hence was unable to penetrate.The web application was also
 >  tested for SQL Injection and PHP remote file inclusion and did not
 >  find any vulnerabilities there either.
 >
 >  My question is what else can we do besides relying on Core Impact for
 >  this pen test.And what impression can a client get if we say to them
 >  that there are no vulnerabilites in your network or web app.Its
 >  dificult to digest something like that for a security specialist that
 >  everythings alright.
 >
 >  Looking forward to some great views.Thanks.
 >
 >  Regards,
 >  Atif Azim
 >
 >  ------------------------------------------------------------------------
 >  This list is sponsored by: Cenzic
 >
 >  Need to secure your web apps NOW?
 >  Cenzic finds more, "real" vulnerabilities fast.
 >  Click to try it, buy it or download a solution FREE today!
 >
 >  http://www.cenzic.com/downloads
 >  ------------------------------------------------------------------------
 >
 >

 ------------------------------------------------------------------------
 This list is sponsored by: Cenzic

 Need to secure your web apps NOW?
 Cenzic finds more, "real" vulnerabilities fast.
 Click to try it, buy it or download a solution FREE today!

 http://www.cenzic.com/downloads
 ------------------------------------------------------------------------




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Pen testing techniques, Tommy May
Next by Date:  Re: Pen testing techniques, Jason
Previous by Thread:  Re: Pen testing techniques, Jason
Next by Thread:  Re: Pen testing techniques, Atif Azim
Indexes:  [Date] [Thread] [Top] [All Lists]