Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Blind penetration testing
From: hofmemi () ey co za
Date: Wed, 3 Oct 2001 07:52:16 +0200


sounds like you are on the right track: use the following to
identify there mail gateway ... which is normally a good place
to try to access there internall network along with there web server
(assuming this is not at a hosting farm somewhere)

dig domain mx in

then do whois & nslookup on the doamin.

whois domain () whois relevantwhoisserver net
nslookup
server therednsserver
set type = any
ls -d theredomain

once that is done i would suggest doing reverse
DNS lookups on the C classes of the IP's you
discovered above ...i usually use ghba for this

ghba X.X.X.0

Then try a couple of traceroutes to identify where
there gateways / firewalls /servers are located
good things to look out for here are wheter there webserver
is located in a DMZ or at a hosting facility

good luck



                                                                                                                   
                    Trey                                                                                           
                    Mujakporue           To:     Pen-Test <pen-test () securityfocus com>                             
                    <tmujak () lucen        cc:                                                                       
                    t.com>               Subject:     Blind penetration testing                                    
                                                                                                                   
                    10/02/2001                                                                                     
                    04:49 PM                                                                                       
                    Please                                                                                         
                    respond to                                                                                     
                    Trey                                                                                           
                    Mujakporue                                                                                     
                                                                                                                   
                                                                                                                   



Im about to start work on a completely blind penetraton test for a client.
The only information i have been given is the company name. From this i can
get their corporate web site and from there do a DIG for more company info
and address ranges
after which i can start my reconnaissance.
Question, can anyone out there offer any tips based on this scenario?




#include <signature.h>
://Trey Atarhe Mujakporue
://tmujak () ins com



----------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/





______________________________________________________________________
 Ernst & Young South Africa - http://www.ey.com/southafrica

WARNING:  this e-mail contains confidential information and any
unauthorised use or
interception is illegal.
If this e-mail is not intended for you, you may not copy, distribute or
disclose the contents to anyone nor
take any action in reliance on the content.  If you receive this in error,
please contact the sender and
delete the material from any computer.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault