Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Lan Attacks
From: xx yy <thenucker2004 () yahoo com>
Date: Thu, 27 Mar 2008 12:34:14 -0700 (PDT)



Very good answer :) (what every pentester will answer), but I think, after the nature of his post he wanted
some kind of a short answer like: "use tool x and press button c". Well that kind of tool does not exist!

I suspect a NAT there, so your best choice would be to focus on the gateway and apply what other people
who answered said.
 


----- Original Message ----
From: Sat Jagat Singh <flyingdervish () yahoo com>
To: pen-test () securityfocus com
Sent: Wednesday, March 26, 2008 6:22:03 PM
Subject: Re: Lan Attacks

The methods are numerous.  The easiest are through
phishing or other forms of social engineering.  The
attacker can then use gathered credentials against any
exposed authentication interfaces you may have:
registration, financial aid, web mail, VPN, Terminal
Services / Citrix.  In a recent instance of doing
penetration testing at a college, I found weak
filtering of email attachment file types due to staff
and student protests over what they perceived as
"freedom of speech" issues.  The result was, I just
emailed an executable in a phishing message that, when
launched by the guileless user, gave me instant
internal access.  This was a simple proof of concept
using metasploit.  An actual attacker would use
something much more sophisticated.

Physical security is also notoriously weak at such
organizations.  Anybody can walk into most offices and
find unlocked workstations that are unattended with
ease.  Running the same executable can connect that
machine to an arbitrary location on the internet,
files can be gathered as well.  Once connected to the
attacker's site, he has forever to exploit the inside
of the network.

Web site vulnerabilities don't often lead to internal
networks but could over time.  If an attacker
succeeded in compromising a backend database through
the web site, they would have a good chance of
extending the attack internally.

Targeting specific employees and attacking their home
computers can also be very fruitful.  High-level
administrative staff often have remote access or even
sensitive organizational data stored on their home
systems.  Getting a keylogger onto one of these
systems could easily get an attacker to the point of
breaching your network.

Cross-site-scripting, XSS, attacks can snag users
caught in the wide net of links posted to very popular
web sites, through email spam, or through more
targeted social engineering of your staff.

Source routing, brute-force authentication attempts,
man-in-the-middle attacks are also possibilities
depending on your setup.


These are just a few of the easiest attacks.  There
are too many other methods to even go into.  It sounds
like you need a basic primer on internet security. 
The following sites hosts a number of related articles
that should be of interest:

http://searchsecurity.techtarget.com/featuredTopic/0,290042,sid14_gci1051115,00.html
http://www.sans.org/top20/

If you are tasked with any aspect of information
security for your organization, you should consider
purchasing some books on or researching the internet
regarding hacking techniques.

Good luck.

--- pushkar_love4u () yahoo co in wrote:

Well i  want to knw how we can attack the internal
network from the outside world.How the internal
address are useful for attacking the network from
outside internet world.Suppose 
our college has a staic ip address and it uses dhcp
for addressing the newtork so i want to know how we
can attack the network frm outside world.sorry for
asking stupid quesions here but plss suggest me
something about how the internal address can be
attacked frm outside network Thanks in advance
pls help me in this and suggest some reference









      ____________________________________________________________________________________
Never miss a thing.  Make Yahoo your home page. 
http://www.yahoo.com/r/hs

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]