Then an upstream gateway could be hoaxed, leading to even more redirected traffic. A user's password hashes could also be directed to the L0phtCrack sniffer port by sending the user an email with a URL pointing to a UNC path; when the user clicks it, the hash is sent to the port of the machine running the sniffer.

Vulnerability scanning of the client network is undertaken with the following: ISS Internet Scanner and Retina for NetBIOS and open shares, and mainly Nessus for vulnerability to brute forcing and DoS attacks to breach systems remotely. Vetscan for extended analysis capabilities for exploiting CGI scripts, shares, services and finding buffer overflows. Cerberus for NT and SQL weaknesses including registry attacks. Net may be necessary to identify rogue processes masquerading on legitimate ports.

For the most attack-oriented tool, Vetscan could be used, which launches nmap for basic port identification and OS fingerprinting. Vetscan will then check observed vulnerabilities from the port scans and attempt share enumeration and ftpd identification, RPC, backdoors, mail vulnerabilities, web vulnerabilities, IIS and CGI, and will investigate the DoS feasibilities for the target. Small services will be identified for elimination on the targets, along with RPC risk elimination.

Nessus can be used to summarise risks across a network of hosts, and to list the security holes with appropriate warnings and notes. The current version, 1.0.10, will identify 900-odd vulnerabilities across network devices. It goes from an nmap-based port scan to highlighting specific attack vulnerabilities; on Microsoft IIS, for example, the report it produces will reference the CVE vulnerabilities database for remedial action.

Research is undertaken with access to #linuxwarez #!r00t to obtain 0-day exploits from ADM, r00tabega and Team TESO. Reference is also made to whitehat sources and independent organisations.
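The UNC-link hash capture described at the top of this section can be caught at the mail gateway by flagging messages whose links point at a remote SMB host. The following is an added example, not code from the original page; the function names, the sample message and its hosts are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# \\host\share, or file://host/... (file:///C:/... is local and is not matched).
UNC_RE = re.compile(r'\\\\([A-Za-z0-9._-]+)\\[^\s"\'<>]*')
FILE_RE = re.compile(r'file:(?://|/{4,})([A-Za-z0-9._-]+)/', re.I)

class LinkAttrs(HTMLParser):
    """Collect href/src values; HTMLParser decodes entities such as &#92;."""
    def __init__(self):
        super().__init__()
        self.values = []
    def handle_starttag(self, tag, attrs):
        self.values += [v for k, v in attrs if k in ("href", "src") and v]

def remote_hosts(text):
    """Hosts a Windows client would try to reach over SMB if the link is opened."""
    hits = UNC_RE.findall(text) + FILE_RE.findall(text)
    return {h.lower() for h in hits if h.lower() != "localhost"}

def find_unc_links(raw_email):
    """Return the sorted remote hosts referenced by UNC/file links in a message."""
    found = set()
    for part in message_from_string(raw_email, policy=default).walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_content()
        found |= remote_hosts(body)
        if part.get_content_subtype() == "html":
            parser = LinkAttrs()
            parser.feed(body)
            for value in parser.values:
                found |= remote_hosts(value)
    return sorted(found)

# Constructed sample message (reserved example names and addresses only).
SAMPLE = (
    "From: sender@example.test\nTo: user@example.test\nSubject: Q3 report\n"
    "MIME-Version: 1.0\nContent-Type: text/html; charset=utf-8\n\n"
    '<a href="file://files.example.test/share/q3.doc">report</a>\n'
    '<img src="&#92;&#92;192.0.2.10&#92;img&#92;logo.gif">\n'
    '<a href="file:///C:/local/readme.txt">local copy</a>\n'
)

if __name__ == "__main__":
    print(find_unc_links(SAMPLE))
```

Blocking outbound SMB/NetBIOS (TCP 139 and 445) at the perimeter stops the hash from leaving the network even when a link is missed by content filtering.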
To Contact Me

Phone: 07768 113497 Fax: 01473 423491


Network Penetration Methods
