Penetration Testing mailing list archives

Re: [PEN-TEST] Firewall identification and penetration

From: Mike Ireton <mike () LIBRITAS COM>
Date: Thu, 24 Aug 2000 00:27:11 -0700

On Sun, 13 Aug 2000, Aurobindo (Robin) Sundaram wrote:


What do people think of auditors or penetration testers having privileged
access to start with? Does it save time? Or is it an unfair advantage to
start with?

Something to note is that since most breakins are from the inside, having a
non-privileged user account on the system is probably appropriate.

        The advantage in starting with privilidged access, is that you
have the opportunity to inspect more closely for 'obscurity' issues that
may not be readilly detectable from the outside, and which may be
concealing problems that are potentially the most dangerous problems a
site has. Going about it from a non-privilidged account wouln't let you
see things like, bad grants of sudo powers to users (because sudoers isn't
world readable, for example).


--
Mike Ireton
Senior Systems Engineer
Libritas, Inc (Formerly Bay Office Net) - http://www.libritas.com
Voice (510) 740-7700            Where do you want to go today?
                                With Linux, I'm already there...

Current thread:

Re: [PEN-TEST] Firewall identification and penetration Mike Ireton (Aug 24)
- Re: [PEN-TEST] Firewall identification and penetration Ben Lull (Aug 26)