Penetration Testing mailing list archives
Re: Help - Can I do an external pen-test in this network?
From: Joseph McCray <joe () learnsecurityonline com>
Date: Fri, 07 Mar 2008 19:49:38 -0500
Tushar, I'm really not trying to single you out (so please don't take offense to what I'm about to say).

[quote] I have just completed my classes of Penetration Testing and have been asked to do a project. [end quote] <---- And now you are doing a test????

A few days ago I posted here about certification courses vs. having the background (e.g. admin-level OS experience, admin-level network experience, a few years of programming, and the certs to back all of that up). Once you have that background it'd be a good idea to do this a few times with someone that is a pen-tester.

Ok - off my soapbox... too late now, you've got a client to take care of.

Tips:

1. Client-side Attacks

It's fairly common now to have to use client-side exploitation to get into a network. Ping-sweep, port scan, banner grab, "gcc -o exploit exploit.c" type of hacking is pretty much dead....

Reference: www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Caceres-up.pdf

2. Windows Command-line Tools

Whatever point-and-click hack tools you have - GET RID OF THEM!!!!!!!!! Once you pop a shell you'll be sitting at a Windows command prompt inside the target company's LAN. Now you need to be able to move your tools and exploits over to that compromised host. Watch out for anti-virus, as it will snatch up damn near every publicly available hacking tool/exploit (e.g. netcat, popular .exe versions of exploits). So it would be a good idea to re-compile your own versions of these tools from source with minor (non-function-affecting) changes so they don't get picked up by AV.

Windows Tool Sites:
http://www.ntsecurity.nu/toolbox/
http://packetstormsecurity.org/Win/indexdate.html
http://www.nirsoft.net/utils/index.html
http://www.hammerofgod.com/download.html

3. Don't do anything stupid

Especially since this is your first test. DON'T USE AN EXPLOIT ON A PRODUCTION MACHINE THAT YOU'VE NEVER TRIED BEFORE IN YOUR OWN LAB!!!!!!!!!! Let me repeat that....

DON'T USE AN EXPLOIT ON A PRODUCTION MACHINE THAT YOU'VE NEVER TRIED BEFORE IN YOUR OWN LAB!!!!!!!!!!

When I teach hacking classes I always tell a story about some pentesters that were at a site and attempted a man-in-the-middle attack without enabling IP forwarding so all of the redirected traffic could get to the real default gateway. They took down the entire network, and got kicked off site.

4. Properly Assessing your target

[QUOTE] Internet -> router / modem provided by ISP (only static IP in organization) -> Switch -> about 100 systems in internal network (pvt IPs) blah blah blah blah. Is there any way I can get into this organization by doing an external pen-test? This is a small company into s/w development and uses only messengers to communicate with the outside world / clients etc. No major servers inside organization and none with pub IP address. [END QUOTE]

If you know they only have 1 public IP address with no publicly available services running on it - why are you port scanning it for vulnerabilities?

Tushar - I don't know you from Adam, and I hope I'm not coming across as being harsh or insulting, but you've stepped into a list where this type of question seems to get asked once a month by newbie testers. It's the typical "I'm port scanning a PIX, Checkpoint, ISA Server, or whatever firewall - how do I bypass it?" question. The question we usually ask each other after this is posted on the list is "Where do these people find clients?"

People rarely answer the firewall bypass question on this list because if you really think about it - it's kind of a stupid question. If there is an exploitable service that the firewall is allowing you to get to - then you exploit the service (not the firewall) - and those types of vulnerabilities are so rare these days that when you do find them on a pentest - it's not a pentest anymore - it's INCIDENT RESPONSE, because I guarantee you that box is already compromised.

So Tushar - now I'm officially handing over to you the task of answering it next month when another newbie who has just passed his CEH, CPTS, SANS, BackTrack course, or whatever it is this week asks it.

--
Joe McCray
Toll Free: 1-866-892-2132
Email: joe () learnsecurityonline com
Web: https://www.learnsecurityonline.com

Learn Security Online, Inc.
* Security Games
* Simulators
* Challenge Servers
* Courses
* Hacking Competitions
* Hacklab Access

"The only thing worse than training good employees and losing them is NOT training your employees and keeping them." - Zig Ziglar
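The outage in tip 3 has a precise cause: once the ARP caches on the LAN point at the tester's box, every frame bound for the gateway lands there, and a kernel with IP forwarding off simply drops them. The pre-flight check below is an added example (not part of Joe's post or any tool he names) that refuses to start a MITM until the Linux ip_forward knob actually reads 1. It assumes a Linux host with /proc and a POSIX shell; the optional knob-path argument is an assumption added so the logic can be exercised against a scratch file without root.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight gate for an
# ARP-spoofing MITM on a Linux box. Never redirect a LAN's traffic through
# this host unless the kernel will actually forward it on to the real
# default gateway. Assumes Linux and a POSIX shell; the knob path is a
# parameter so the check can be run against a scratch file.

DEFAULT_KNOB=/proc/sys/net/ipv4/ip_forward

# forwarding_enabled [knob]: succeed (0) only if the sysctl reads exactly "1".
forwarding_enabled() {
    knob="${1:-$DEFAULT_KNOB}"
    [ -r "$knob" ] || return 1
    read -r val < "$knob" || return 1
    [ "$val" = "1" ]
}

# enable_forwarding [knob]: turn forwarding on (needs root on a real host),
# then re-read the knob rather than trusting that the write took effect.
enable_forwarding() {
    knob="${1:-$DEFAULT_KNOB}"
    printf '1\n' > "$knob" 2>/dev/null || return 1
    forwarding_enabled "$knob"
}

# mitm_preflight [knob]: the check to run right before arpspoof/ettercap.
# Returns 0 when it is safe to start redirecting, 1 with a diagnostic otherwise.
mitm_preflight() {
    knob="${1:-$DEFAULT_KNOB}"
    if forwarding_enabled "$knob"; then
        echo "ok: ip_forward=1, redirected traffic will reach the real gateway"
        return 0
    fi
    echo "ABORT: ip_forward is off; ARP-spoofing now would blackhole the LAN" >&2
    echo "fix:   sysctl -w net.ipv4.ip_forward=1   (then re-run this check)" >&2
    return 1
}

# Stand-alone use: check the live kernel; do not start the attack on failure.
mitm_preflight "$DEFAULT_KNOB" || echo "not starting the MITM" >&2
```

Run it as root immediately before the spoofing tool, or source it from an engagement wrapper so the wrapper exits on the diagnostic instead of producing the outage Joe describes. The check re-reads the knob after writing it because on some hardened hosts the write is silently refused.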