Penetration Testing
mailing list archives
Re: Fwd: Penetration test of 1 IP address
From: pagvac <unknown.pentester () gmail com>
Date: Thu, 9 Feb 2006 23:42:38 +0000
IMHO, this is a *way* too general question to be asked in this list.
Hundreds of posts could follow this topic.
I suggest 2 things: research and use your brain. That's really all you need.
On 2/9/06, Bob Radvanovsky <rsradvan () unixworks net> wrote:
Believe it or not, many things that pen-testers and/or social engineers do are the "obvious" things. Things that are
oblivious to most people, sometimes, are not-so oblivious to those who exist in a frame of mind that is "outside"
from everyone else's.
Maybe this will put things into a slightly different perspective that perhaps you could relate to, or even
appreciate. In school (high school, college, technical school -- it doesn't matter), have you ever worked on a
homework or lab assignment that had you *stumped*, only to ask, either the teacher of the class or a fellow
classmate, for some help, they come in, look at your configuration or the method/approach that you're taking, only
then to type/write something down in a matter of seconds?
Sometimes, you need someone who's not immersed or engrossed in whatever your clients or environment has you bottled
up in. Also, it takes a certain mindset to be able to view things from this perspective, and some would even argue
that it's genetic (born with a "gift" versus learned within an environment). I tend to think that it combines a
little of both, taking into account people who have an ability -- a gift (if you will) -- that can perceive concepts
from either a wwwwwiiiiiiidddddeeeee perspective, then suddenly, at a moment's notice, shift their train of thought to
something more tightly focused, only later go back to the wide-angle perspective again.
Many people, many companies would like you to think that a "child" is what's behind most attacks, and some would
argue ostensibly, that it is a group of children performing such acts. But what many fear, yet never state, is that
often times, there's a "mastermind" at work, that controls, manipulates, and indoctrinates these children into
performing whatever acts they do. To some, they feel that they're doing this to (as you put it) get famous, others
want to get rich quickly, whereas some think that they're performing an act that they don't see as wrongful ("evil")
acts. It is a known fact in psychology that children -- up to certain age groups -- have abilities of perception,
comprehension, understanding and mental mechanics -- that far surpass most adults. And thus drawing upon a conclusion
that (for sake of simplicity) the acts performed, either negatively or positively (it depends on who's performing
what) is mere "child's play".
I would garner you this challenge. Put yourself (or attempt to) into a frame of mind similar to what has been
discussed here, then ask yourself a single, yet importantly decisive question: "How would <xxx> perform such a task?"
If you can answer that, then perhaps, you have a naturally-born gift for such levels of creativity that places such
as the NSA, CIA or various intel groups would *love* to hire you!!! I've known children who have mathematical
capabilities that would boggle even the best of mathematicians, and yet -- to them -- everything appears "easy" to
them.
Having been "on both sides of the fence", I can tell you that it isn't easy. I started college at age 14 -- well
before I was even finished with junior high school -- and well on my way while I was still *in* high school! Does
that make me smart? Not really. I just had a knack -- an ability -- to see things *differently* -- than most other
people did at that time. This was in the late 1970's/early 1980's. Times have changed since then, and not for the
better, either. If you are thinking that tasks such as these are easy, you now need to think of the consequences
that are (now) often times associated with such tasks. Yes, I'm talking about "bureaucracies" (possibly beyond even
your worst nightmarish perceptions of "Red Tape Hell" or "Paperwork Purgatory"), not to mention thinking of legal
(libel) consequences. Many people on this discussion group (myself included) who wish to continue working -- freely
-- as a citizen, and thus, offer *some* counsel, but not to the point of where they could be held liable for their
actions or suggestive content.
Bob Radvanovsky, CISM, CIFI, REM, CIPS
"knowledge squared is information shared"
rsradvan (at) unixworks.net | infracritical.com | ehealthgrid.com
(630) 673-7740 | (412) 774-0373 (fax)
----- Original Message -----
From: Brian Loe [mailto:knobdy () gmail com]
To: pen-test () securityfocus com
Subject: Fwd: Penetration test of 1 IP address
Every time I see one of these e-mails the first question that pops
into my mind is, "where do I get a customer like that?!"
The second thing that pops into my mind is that it can't be a "real"
job - that it's most likely some high school kid who wants to be
famous, but not smart enough to figure out how.
I'm not a security "expert". I've never done a pen test. However,
everything that has been suggested, I already knew how to do - and
would have known to do it.
On 2/9/06, Levenglick, Jeff <JLevenglick () fhlbatl com> wrote:
That's right.. Legal software. I wonder what would happen if this person
was not legit and the company found out that all of the people on this
list helped him?
Or better yet. (as I stated before) This person does not have the
background or knowledge to give this company
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers
do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------