Penetration Testing mailing list archives
RE: Hacking to Xp box
From: "McKinley, Jackson" <Jackson.McKinley () team telstra com>
Date: Mon, 5 Sep 2005 10:16:08 +1000
Move your focus to something that external and internal stakeholders are going to freak out about. Go for Databases, guarded corp secrets, websites, dns servers. My first points of interest are always what is going to make the company loose the most money if someone got into them. Then try to think like a hacker not a sysadmin, as someone as already pointed out. Set some benchmarks for your tests and get written approval or even verbal will do to go ahead with the testing. Remember you are going to be attempting to break into your companies systems you may get luck or you may create a DoS condition... My first point is always a dig on the targets domain. This will give you some good info to start with. MX, NS, WWW. These are all points to which you can gain access. It will also tell you a lot about the companies "online" size. Do they have a whole /24? Or only a couple of IP's.. Who owns the IP's? is it an ISP in your area? Is it a data centre that has good protections for there clients? Is there upstream vuln to attack? Do they have a lot of stupid dns records they don't need? I always find the vpn.whatevercompany.com to be interesting. Also the contact info in the whois records for there IP's will give you emails.. These can be used to work out possible username strings. Lots of companies get users to login as there email address's, you now know what the company uses as emails. Also these can be used for attacking mailservers. Attempt to gain access to PoP accounts. If you start broad and then draw up you attack vectors and move from there its always a safe bet you will find most of the wholes. But there is always the possibility that you will be still "own3d" Cheers Jack. ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- RE: Hacking to Xp box, (continued)
- RE: Hacking to Xp box Omar A. Herrera (Sep 03)
- RE: Hacking to Xp box Enrique A. Sanchez Montellano (Sep 03)
- RE: Hacking to Xp box Michael Gargiullo (Sep 02)
- RE: Hacking to Xp box Josh perrymon (Sep 02)
- RE: Hacking to Xp box John Forristel (SunGard-Chico) (Sep 02)
- RE: Hacking to Xp box Eduardo Suzuki (Sep 03)
- RE: Hacking to Xp box Marco Monicelli (Sep 05)
- RE: Hacking to Xp box chad (Sep 03)
- RE: Hacking to Xp box Eduardo Suzuki (Sep 05)
- RE: Hacking to Xp box Marco Monicelli (Sep 05)
- RE: Hacking to Xp box McKinley, Jackson (Sep 05)
- Re: Hacking to Xp box Kelly Scroggins (Sep 06)
- Re: Hacking to Xp box Marco Monicelli (Sep 07)
- RE: Hacking to Xp box Steve.Cummings (Sep 06)
- RE: Hacking to Xp box Enrique A. Sanchez Montellano (Sep 06)
- Re: Hacking to Xp box Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Sep 06)
- Re: Hacking to Xp box Marco Monicelli (Sep 06)
- Re: Hacking to Xp box Marco Monicelli (Sep 06)