- penetration testing
- Posted by suraku@gmail.com on July 6th, 2006
I'm involved in a class at my university doing penetration testing of
various companies in our area. However, one of the companies apparently
has good, or at least decent, security: any attempts to nmap the
address return no open ports and no OS information (even on a full 65535
port scan), and nessus and n-stealth do not have any luck either. At this
point I'm thinking they have a good firewall but would still like to
try to find some vulnerabilities. What would be a good next step to try
to either gain access WITHOUT DAMAGING THE SYSTEM or obtain more recon
information on the server to base future actions on?
- Posted by Todd H. on July 6th, 2006
"suraku@gmail.com" <suraku@gmail.com> writes:
I sure hope you have their legal consent to do this. If not, and your
instructor has told you to do this, I'd say he or she is not too
bright and just begging for legal action of some sort.
You simply shouldn't do penetration testing without written legal
consent of the parties being evaluated. It's a good way to go to jail
(without passing Go or collecting $200).
Actually, that's called a firewall and hopefully is fairly common in
your survey.
Yeah, no point really in running nessus if there aren't any ports
listening.
Track down the paper on firewalking. It details a method of mapping
out the firewall ruleset at least. It's pretty clever in its
technique.
However, you're not likely to get a good handle on the systems behind
it.
Best Regards,
--
Todd H.
http://www.toddh.net/
- Posted by Sebastian Gottschalk on July 6th, 2006
Todd H. wrote:
As long as you don't actively circumvent measures and actually spy on or
change data, you don't need any consent to do fully legal things.
not so fine, but fully legal actions.
"I've got a 'You get out of jail' free card!" (Trigger Happy TV)
Another interesting and/or additional approach is trying to exploit
well-known common TCP/IP problems like IP versions <> (4,6), various
types of sizing and fragmentation, certain TCP flag combinations, various
TCP options, various ICMP codes, ... the tools of choice are hping3
(yes, there's a new version) and Perl (with Net::RawIP from CPAN).
Indeed. The best way to get a handle is to intercept the line (or do
some DNS manipulation) to redirect traffic partially to your system
and to pass some arbitrarily chosen content that keeps up permanent
connections, allowing passing chosen traffic as connection-related content.
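A defender-side view of the probing discussed above (the TTL-limited probes that firewalking relies on, and the crafted TCP flag combinations Sebastian mentions), as an added example that is none of the posters' code: it scans constructed iptables-style LOG lines for low-TTL port sweeps and for flag sets no ordinary client sends. The log format, thresholds and addresses are assumptions, not taken from the thread.

```python
import re
from collections import defaultdict

# Constructed iptables-style LOG lines (not from the thread); TCP flags appear
# as bare tokens (SYN, FIN, ...) the way the iptables LOG target prints them.
SAMPLE_LOG = """\
FW: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 TTL=2 PROTO=TCP SPT=53 DPT=22 SYN URGP=0
FW: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 TTL=2 PROTO=TCP SPT=53 DPT=25 SYN URGP=0
FW: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 TTL=2 PROTO=TCP SPT=53 DPT=80 SYN URGP=0
FW: IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 TTL=55 PROTO=TCP SPT=40001 DPT=80 URGP=0
FW: IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 TTL=55 PROTO=TCP SPT=40002 DPT=443 FIN PSH URG URGP=0
FW: IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 TTL=55 PROTO=TCP SPT=40003 DPT=8080 FIN URGP=0
FW: IN=eth0 SRC=192.0.2.50 DST=192.0.2.10 TTL=64 PROTO=TCP SPT=51000 DPT=443 SYN URGP=0
"""

FLAG_TOKENS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}
# Flag sets no ordinary client sends; the names are the usual scan labels.
ODD_FLAGS = {frozenset(): "NULL", frozenset({"FIN"}): "FIN-only",
             frozenset({"FIN", "PSH", "URG"}): "XMAS",
             frozenset({"SYN", "FIN"}): "SYN+FIN"}
LOW_TTL_MAX = 3      # assumed: TTL that expires within a hop or two of the filter
MIN_SWEEP_PORTS = 3  # assumed: distinct ports before a low-TTL burst is a sweep

def parse_line(line):
    """Return (src, ttl, dport, flags) for a TCP LOG line, else None."""
    fields = dict(re.findall(r"(\w+)=(\S*)", line))
    if fields.get("PROTO") != "TCP":
        return None
    flags = frozenset(t for t in line.split() if t in FLAG_TOKENS)
    return fields["SRC"], int(fields["TTL"]), int(fields["DPT"]), flags

def detect(log_text):
    """Map each source address to the crafted-probe patterns seen from it."""
    low_ttl_ports = defaultdict(set)
    odd_flags = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, ttl, dport, flags = parsed
        if ttl <= LOW_TTL_MAX:
            low_ttl_ports[src].add(dport)
        if flags in ODD_FLAGS:
            odd_flags[src].add(ODD_FLAGS[flags])
    findings = defaultdict(list)
    for src, ports in low_ttl_ports.items():
        if len(ports) >= MIN_SWEEP_PORTS:
            findings[src].append("low-TTL sweep over %d ports" % len(ports))
    for src, kinds in odd_flags.items():
        findings[src].append("abnormal TCP flags: " + ", ".join(sorted(kinds)))
    return dict(findings)
```

Run `detect(SAMPLE_LOG)` to see the two probing sources flagged while the ordinary SYN from 192.0.2.50 is ignored.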
- Posted by Todd H. on July 6th, 2006
Sebastian Gottschalk <seppi@seppig.de> writes:
Sebastianeriffic, my delightful fault finding friend, you're good at
picking apart definitions. Look up a few definitions of penetration
testing for us would ya?
Penetration testing vs network or vulnerability scanning is all about
testing that next step--i.e. the ability to actively circumvent
measures.
Or, just run a true pentest against a few sites of a sufficiently
clueful government from your own IP and let me know how that works
out for ya.
On the corporate side, as you correctly say, whether laws are broken
is unrelated to whether or not you can be successfully sued for your
unauthorized pentest. Try pentesting a financial institution in or
around the time they have something go down. If downtime costs them
$100,000 a minute, you'll have a problem.
Yup, you got it. That's actually what our security group refers to the
legal indemnity letter as. And it's absolutely what one should have
before conducting a pentest upon targets you don't exclusively own.
Best Regards,
--
Todd H.
http://www.toddh.net/
- Posted by Sebastian Gottschalk on July 6th, 2006
Todd H. wrote:
Actively circumventing is modification or bypassing, not using
legitimate channels. Or is knocking on your door a trivial case of actively
circumventing your door? Please don't twist it with a successful
penetration and going further on penetrating. A penetration test is
supposed to show that a penetration that way is not successful.
- Posted by Bit Twister on July 6th, 2006
On Thu, 06 Jul 2006 20:51:24 +0200, Sebastian Gottschalk wrote:
Heheheh, sounds good but it will depend on laws made by the country
in which the event happens. Here in the United States of America some
states make it a crime to ping an IP address.
- Posted by Todd H. on July 6th, 2006
Sebastian Gottschalk <seppi@seppig.de> writes:
Successful penetration -- be it as simple as logging onto a box using
a guessed default admin password is enough to put you in harm's way in
many countries unless you have consent.
This distinction is also a useful one to draw here as well
http://www.darknet.org.uk/2006/04/pe...ty-assessment/
The moral: a professor who tells his students to penetration test
random companies on the internet is an irresponsible moron IMNSHO.
Best Regards,
--
Todd H.
http://www.toddh.net/