
Internal Penetration Testing

Outline
- Defining scope and goals
- Tools of the test
- Presentation of findings

Defining Scope and Goals

- Define specific goals for the assessment
  - What defines success?
  - Identify vs. exploit?
  - Should systems be tagged?
  - Are screenshots enough?
- Create timelines
- Active assessment

Limits

Out of scope? Not for hackers. Activities that are often placed out of scope for a test, although a real attacker is not bound by such limits:
- Reading email in an attempt to gain passwords
- Attacking workstations to gain network credentials
- Attacking administrative workstations to gain admin access
- Searching .txt and .doc files on workstations
- Searching .txt and .doc files on production systems
- Sniffing traffic
- Keystroke loggers
- Intentional denial of service

Internal vs. External

What is the difference? On the inside there are:
- fewer or no access controls
- test systems
- trust relationships

Tools of the Test

1. Footprint
2. Host Identification
3. Service Identification
4. Service Enumeration
5. Host Enumeration
6. Network Map
7. HSV Scans
8. Vulnerability Mapping/Exploitation

1. Footprint

Goal: identify ranges and domains.
- net view /domain to identify domains
- Identify IP ranges using:
  - SNMP
  - DNS
  - ICMP

2. Host Identification

Identify hosts using:
- TCP
- ICMP

Identify domain members using the NET command:
  net view /domain:<domain>

Tools: Foundstone, net view

3. Service Identification

Identify ports:
- TCP
- UDP

Tool: Fscan -i <ip>

4. Service Enumeration

Identify what is running on listening ports.

Tools: Nmap & Nessus

5. Host Enumeration

Use all the previous information to make an accurate guess at the OS and version, drawing on the Nessus reports.

6. Network Map

Should be created to identify hosts, services and access paths.

7. HSV Scans

High Severity Vulnerability (HSV) scans should be performed to identify systems with high severity vulnerabilities:
- NetBIOS weak passwords
- SQL weak passwords
- Web vulnerabilities

HSV Scans (cont.)

NetBIOS weak passwords
- manual guessing techniques
- Tools:
  - nbtenum (ntsleuth.0catch.com)
  - nat (Network Auditing Tool)

SQL weak passwords
- Tools:
  - SQLMAP
  - SQLlhf
  - SQLdict
  - Sqlping2
  - osql
- Remarks: SQL can run on alternate ports.

Web vulnerabilities
- Tools:
  - stealth
  - whisker
  - typhon

8. Vulnerability Mapping/Exploitation

- Source port attacks: if you use IPSec, don't forget to set the NoDefaultExempt key:
  HKLM\SYSTEM\CurrentControlSet\Services\IPSEC\NoDefaultExempt | DWORD = 1
- Web attacks
- NetBIOS
- SQL attacks
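The NoDefaultExempt value above matters because the Windows 2000/XP IPsec filter exempts certain protocols (Kerberos and IKE among them) by default, so traffic sent from those source ports bypasses the filters; that is the "source port attacks" item. The following PowerShell script is an added example, not part of the original slides, that audits the value on a host and sets it only when asked to. The function names, the report layout and the -Fix switch are this example's own choices; it assumes an elevated shell for the remediation step.

```powershell
# Added example (not from the original slides): audit, and optionally set,
# the IPsec NoDefaultExempt value named on the "Source port attacks" slide.
# Value 1 removes the default Kerberos/RSVP exemption, as the slide recommends.
param([switch]$Fix)

$IpsecKey    = 'HKLM:\SYSTEM\CurrentControlSet\Services\IPSEC'
$ValueName   = 'NoDefaultExempt'
$WantedValue = 1   # value given on the slide

function Get-IpsecDefaultExemptState {
    # Reports whether the hardening value exists and matches the wanted value.
    $item = Get-ItemProperty -Path $IpsecKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $current = $null          # value absent: default exemptions are in effect
    } else {
        $current = [int]$item.$ValueName
    }
    [pscustomobject]@{
        Key       = $IpsecKey
        Name      = $ValueName
        Current   = $current
        Expected  = $WantedValue
        Compliant = ($current -eq $WantedValue)
    }
}

function Set-IpsecDefaultExemptState {
    # Creates or updates the DWORD; requires an administrator shell.
    param([int]$Value = $WantedValue)
    if (-not (Test-Path $IpsecKey)) {
        New-Item -Path $IpsecKey -Force | Out-Null
    }
    New-ItemProperty -Path $IpsecKey -Name $ValueName -PropertyType DWord `
        -Value $Value -Force | Out-Null
    # The IPsec service (PolicyAgent) reads the value when it starts.
    Restart-Service -Name PolicyAgent -Force
}

# Audit first; remediate only when the script is run with -Fix.
$state = Get-IpsecDefaultExemptState
$state | Format-List
if (-not $state.Compliant -and $Fix) {
    Set-IpsecDefaultExemptState
    Get-IpsecDefaultExemptState | Format-List
}
```

Run without arguments from a scheduled job or login script to record the state of each host; the Compliant field is what to alert on.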

9. Presentation of findings

- Report should be clear and concise
- Include screenshots
- Use action items for remediation
- Categorize findings:
  - TACTICAL
  - STRATEGIC

Presentation of findings: Strengthening Microsoft Networks

- strong domain architectures
- rigid user management
- hardened applications
- principle of least privilege
- security baselines for systems
- defence in depth
- network segmentation
- 3rd party audit

THANK YOU
