Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Help - Can I do an external pen-test in this network?
From: Radu Oprisan <radu () securesystems ro>
Date: Fri, 07 Mar 2008 23:50:39 +0200

to.tushar () yahoo com wrote:
Hi,
I have just completed my classes of Penetration Testing and have been asked to do a project.
I have an option to do either external or internal pen test.

I can do an internal pen-test in one organization I've got, however, I am not sure how I can do an external pen-test in 
this scenario. The following is the network. Please tell me if I can do an external pentest in this case and where can I 
start.

You can never do an outside pen-test _after_ you have completed an inside one because you already have some information about what is going on in that network. If this is the case, step back and let somebody else do it.

Internet -> router / modem provided by ISP (only static IP in organization)-> Switch -> about 100 systems in internal network (pvt IPs). Webserver & mails are hosted on public server. Ping: success
Tried nmap: Host seems down. If it is really up, but blocking our ping probes, try -P0 (we are scanning a router here, so it 
won't work)

This depends on how far you are authorized to go and who is responsible for the router. If this is the ISP's job, you will need their consent in order for you to go "hacking" into their systems and you will most probably not get it. A router that provides InterNet access by nat can still be interesting for you, read below.

Is there anyway I can get into this organization by doing an external pen-test. This is a small company into s/w 
development and uses only messengers to communicate with the outside world / clients etc. No major servers inside 
organization and none with pub IP address.

Are the any ports on the router forwarded to internal servers or workstations, you might have a way in. If there are not but you do have permission to conduct social engineering then you can try to lure some employees into some traps. The user is still the weakest link in the chain. Have you conducted a wireless scan of their headquarters? This can provide you with a way in if there is a wireless access point installed. Scenarios on how to do your job are endless but you must have permission to put them in action.

If you need any more info, please lemme know. Regards,
Tushar


Cheers,
Radu Oprisan

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]