Penetration Testing mailing list archives
Re: [PEN-TEST] First step of a pen-test
From: "van der Kooij, Hugo" <Hugo.van.der.Kooij () CAIW NL>
Date: Tue, 19 Sep 2000 23:36:45 +0200
On Mon, 18 Sep 2000, Christopher M. Bergeron wrote:
What is the industry norm for _beginning_ a pen-test after the contract has been made? Would one first map the network? Try to war-dial the exchange for possible remote (pcanywhere, etc). access machines? VRFY email addresses to look for user logins? Is it typical to ask for information about the network (ie. network architecture) beforehand or do most pen-tests start "blindly" and do the network reconnaissance.
People tend to hand out business cards. So you have things like telephone numbers, email address, company name. After that it's digging and following threads. In my opinion you should document these steps and show them how easily you can obtain most information. Nameservert that allow anyone to do a zone-transfer are extreemly good sources for mapping out the information. Basically ANY source of information is usable. Just document and explain to the customer how you established your map. Don't dismiss the effect of social enginering to gather a load of info. For example. Call someone in the MIS department and ask them what info you should add to the new router/switch/.... you are installing to make it manageable from their network management and BTW can you give me an IP address so we can hook it up next week and we can deliver it turn-key to you. (Nice if you know the name of someone that just doesn't happen to be in the office and would be involved with such jobs so the request seems to be valid.) Hugo. -- Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ Maasland hvdkooij () caiw nl http://home.kabelfoon.nl/~hvdkooij/ -------------------------------------------------------------- Quoting this tagline is illegal! (http://www.dtcc.edu/cs/rfc1855.html)
Current thread:
- [PEN-TEST] First step of a pen-test Christopher M. Bergeron (Sep 19)
- Re: [PEN-TEST] First step of a pen-test Tom Litney (Sep 19)
- Re: [PEN-TEST] First step of a pen-test Teicher, Mark (Sep 19)
- [PEN-TEST] LDAP-nullbase krisk (Sep 20)
- Re: [PEN-TEST] LDAP-nullbase Brian Conte (Sep 20)
- Re: [PEN-TEST] LDAP-nullbase spi (Sep 20)
- [PEN-TEST] LDAP-nullbase krisk (Sep 20)
- Re: [PEN-TEST] First step of a pen-test Erik Tayler (Sep 20)
- Re: [PEN-TEST] First step of a pen-test van der Kooij, Hugo (Sep 20)
- Re: [PEN-TEST] First step of a pen-test Wandering One (Sep 20)
- <Possible follow-ups>
- Re: [PEN-TEST] First step of a pen-test Dunker, Noah (Sep 19)
- Re: [PEN-TEST] First step of a pen-test Tonick, Mike (Sep 19)
- Re: [PEN-TEST] First step of a pen-test Jason Stout (Sep 20)
- Re: [PEN-TEST] First step of a pen-test Teicher, Mark (Sep 20)
- [PEN-TEST] anyone using firewalking? The Picard (Sep 20)
- Re: [PEN-TEST] anyone using firewalking? Jonathan Rickman (Sep 21)
- Re: [PEN-TEST] anyone using firewalking? El Nahual (Sep 21)
- Re: [PEN-TEST] First step of a pen-test Teicher, Mark (Sep 20)
- Re: [PEN-TEST] First step of a pen-test H Carvey (Sep 20)
- Re: [PEN-TEST] First step of a pen-test Loschiavo, Dave (Sep 20)