From: Radu Oprisan (radu@securesystems.ro)
Date: Fri Mar 07 2008 - 16:50:39 EST
to.tushar@yahoo.com wrote:
> Hi,
>
> I have just completed my classes of Penetration Testing and have been asked to do a project.
> I have an option to do either external or internal pen test.
>
> I can do an internal pen-test in one organization I've got, however, I am not sure how I can do an external pen-test in this scenario. The following is the network. Please tell me if I can do an external pentest in this case and where can I start.
>
You can never do an outside pen-test _after_ you have completed an
inside one because you already have some information about what is going
on in that network. If this is the case, step back and let somebody else
do it.
>
> Internet -> router / modem provided by ISP (only static IP in organization)-> Switch -> about 100 systems in internal network (pvt IPs).
> Webserver & mails are hosted on public server.
>
> Ping: success
> Tried nmap: Host seems down. If it is really up, but blocking our ping probes, try -P0 (we are scanning a router here, so it won't work)
>
This depends on how far you are authorized to go and who is responsible
for the router. If this is the ISP's job, you will need their consent in
order for you to go "hacking" into their systems and you will most
probably not get it.
A router that provides Internet access by NAT can still be interesting
for you, read below.
> Is there any way I can get into this organization by doing an external pen-test? This is a small company into s/w development and uses only messengers to communicate with the outside world / clients etc. No major servers inside organization and none with pub IP address.
>
If there are any ports on the router forwarded to internal servers or
workstations, you might have a way in. If there are not but you do have
permission to conduct social engineering then you can try to lure some
employees into some traps. The user is still the weakest link in the chain.
Have you conducted a wireless scan of their headquarters? This can
provide you with a way in if there is a wireless access point installed.
Scenarios on how to do your job are endless but you must have permission
to put them in action.
>
> If you need any more info, please lemme know.
>
> Regards,
> Tushar
>
Cheers,
Radu Oprisan
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:27 EDT