Home page logo
/

pen-test logo Penetration Testing mailing list archives

[PEN-TEST] Network Scenarios
From: "J. Oquendo" <intrusion () ENGINEER COM>
Date: Thu, 7 Sep 2000 17:27:26 -0400

Has anyone ever performed or browsed a site which detailed a packet-level penetration test?

Scenario:
Auditor exhausted most known pen-tests and begins to think of a packet level based intrusion attempt.


[Steps]

Gather data on machine to be audited for about a week to analyze trends

Based on trends create sample packets with a packet injection suite from host(s) that convey information on a regular 
basis. (e.g.: Server runs SNMP in which sniffed packet data shows xxx information being transferred in concurrent 
sessions everyday at xx:xx time)

Auditor attempts to inject data as host to machine in an effort to access resources on machine.

[end steps]

Could be a session hi-jack in a sense, but what I would like to know if anyone has performed a test such as this. What 
can you gain? Well say machine x is running some propietary server/client trusted process which runs command between 
the scenes, sort of like an expect based script, one may be able to inject packet based data notifying machine x to run 
xxx script at the specified
time a certain trend was captured.

This would be a cool thing against cron based jobs which depend on client/server combinations to run jobs.

Has anyone performed anything similar or know of a site with relevant info linking to this type of pen-test/intrusion?

Please don't respond with state keeping processes or any type of load balancing packet switching information since I'm 
looking for simple, well semi-simple answers.


Sample
Trusted Host 10.24.0.5

Server       10.24.0.1

Auditor    192.168.0.5 (while injecting packets address becomes 10.24.0.5)

Time       9:00pm

Script1    script to ping another host to test keepalive

Injection  evil expect script to run evil command

Packets being transfered at 9:pm daily based on trend analysis
trustedhost -Time ---> script1 ---> host

Packet being injected
Auditor -Time ---> Evilexpect ---> host

[host]./evilexpect --> info --> Auditor

Sorry for the cheesy diagram and I'm sure this has probably been talked of before, but I've not seen it anywhere. 
Differences with hijacking a sequence vs. something like this...

Hijacking sequences takes time, patience, connectivity, massive brainwork, whereas something similar to this can be 
created in minutes and injected quickly if its something as simple as described above.

Any thoughts, tips, rants, raves, flames?

______________________________________________
FREE Personalized Email at Mail.com
Sign up at http://www.mail.com/?sr=signup


  By Date           By Thread  

Current thread:
  • [PEN-TEST] Network Scenarios J. Oquendo (Sep 08)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]