Home page logo

pen-test logo Penetration Testing mailing list archives

RE: Hacking to Xp box
From: "McKinley, Jackson" <Jackson.McKinley () team telstra com>
Date: Mon, 5 Sep 2005 10:16:08 +1000

Move your focus to something that external and internal stakeholders are
going to freak out about.

Go for Databases, guarded corp secrets, websites, dns servers.

My first points of interest are always what is going to make the company
loose the most money if someone got into them.  Then try to think like a
hacker not a sysadmin, as someone as already pointed out.  

Set some benchmarks for your tests and get written approval or even
verbal will do to go ahead with the testing.  Remember you are going to
be attempting to break into your companies systems you may get luck or
you may create a DoS condition...

My first point is always a dig on the targets domain.  This will give
you some good info to start with. MX, NS, WWW.  These are all points to
which you can gain access.  

It will also tell you a lot about the companies "online" size.  Do they
have a whole /24? Or only a couple of IP's.. Who owns the IP's? is it an
ISP in your area? Is it a data centre that has good protections for
there clients?  Is there upstream vuln to attack?  Do they have a lot of
stupid dns records they don't need?  I always find the
vpn.whatevercompany.com to be interesting.  

Also the contact info in the whois records for there IP's will give you
emails.. These can be used to work out possible username strings.  Lots
of companies get users to login as there email address's, you now know
what the company uses as emails.  Also these can be used for attacking
mailservers.  Attempt to gain access to PoP accounts.  

If you start broad and then draw up you attack vectors and move from
there its always a safe bet you will find most of the wholes.  But there
is always the possibility that you will be still "own3d"



Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]