Penetration Testing mailing list archives

Re: [PEN-TEST] First step of a pen-test
From: "Loschiavo, Dave" <DLoschiavo () FRCC CC CA US>
Date: Wed, 20 Sep 2000 11:26:58 -0700

With checking out the website being a first step...

Does anyone know if there is a tool that will comb through a website to pull
nouns down into a dictionary file that you use for a customized dictionary
attack specific to that company?

-----Original Message-----
From: Erik Tayler
To: PEN-TEST () SECURITYFOCUS COM
Sent: 9/19/00 9:25 AM
Subject: Re: [PEN-TEST] First step of a pen-test

In my experience, the first step of a pen-test is the recon &
enumeration. Personally, I research the company, find out as much
information as I can from their webpages, or from Google (employees, recent
acquisitions and the like). For example, if Company ABC recently
acquired Company DEF, they might have improperly assimilated Company
DEF's network architecture into their own, which might be a gateway of
sorts into penetrating Company ABC's systems. Gathering names of
employees and important persons from the web would be a good start for
the social engineering aspect of things. After that I would typically
map the network according to operating system, listening services, et
cetera. If routers/firewalls block the presence, planning of some source
routing attacks would happen. One of the last steps [for me] is banner
grabbing, checking versions of listening services and such, and finally
exploiting known [and sometimes unknown] holes. This process varies from
person to person, whatever makes you comfortable.

Erik Tayler
http://www.14x.net
http://www.digitaloffense.net

"Christopher M. Bergeron" wrote:

What is the industry norm for _beginning_ a pen-test after the
contract has been made? Would one first map the network? Try to
war-dial the exchange for possible remote (pcAnywhere, etc.) access
machines? VRFY email addresses to look for user logins? Is it typical
to ask for information about the network (i.e. network architecture)
beforehand, or do most pen-tests start "blindly" and do the network
reconnaissance?

Thanks to anyone who addresses even one of my many questions.
