Penetration Testing mailing list archives

Re: [PEN-TEST] Hypothetical Wargaming


From: Mark Teicher <mark.teicher () NETWORKICE COM>
Date: Sat, 7 Oct 2000 17:47:58 -0400

This seems a bit simple.  Why not scale the wargame to 100 or 1000
Windows-based machines?  Then what would be one's methodology to cull all
the information together?  What type of scripts/techniques would be used?

PEN-TESTING usually is a few identified machines, and one hopes that the rest
of the environment is the same, but in most large-scale enterprises that is
not the case.

/m

At 11:52 AM 10/7/00 +0000, H Carvey wrote:
Assume you're given a pen test.  All you have is a
domain name.  A couple of quick checks tell you
that the systems in question are Win32 machines.

Your goal is to "tag" a file.  No DoS allowed.

IIS, Exchange, and MS DNS are being used.

What steps do you take?  At each step, what do you
hope to gain, and what programs/scripts/techniques
do you use (give program name, and command line
switches/GUI options)?

At each step, assume both NT and Win2K.

