The goal of the scanning phase is to learn more information about the target
environment and discover openings by interacting with that target
environment. This article will look at some of the most useful scanning tools
freely available today and how to best use them. During this process we'll
perform a number of scans.
Network sweeping - Basic technique used to determine which of a range of IP
addresses map to live hosts. Network tracing – A facility for tracing the
route of a computer that is connected to the Internet. Port scanning –
software application designed to probe a network host for open ports. OS
fingerprinting – analysis of the TCP/IP stack to determine target operating
system. Version scanning – Interacting with different ports to determine
protocols they speak and possibly the version of service listening on given
port. Vulnerability sca... (more)
The OpenSSL is based on SSLeay library developed by Eric A. Young and Tim J.
Hudson and licensed under an Apache-style license. OpenSSL has lots of
features but I will cover encoding, checksums, encryption, passwords and pass
Many Linux distributions have OpenSSL as part of the bundled packages and is
most likely located in /usr/bin. To find it on your system type:
$ which openssl
$ openssl version
OpenSSL 1.0.0a 1 Jun 2010
Versions may vary and currently openssl-1.0.0d Feb 8 is the current version.
Most of the examples that are found in this document sh... (more)
When performing a penetration test on a customer’s network by simulating an
attack and trying to find a way inside many forget there is an easier way.
Many networks have well established security protection through firewalls,
Intrusion Detections/ Protections Systems that will alert to your presents.
Performing a vulnerability scan using tools such as NeXpose, Nessus, nmap,
etc will alert many systems. By performing some research on the target and
learn what the company does you can narrow your attack. By using some social
engineering you can email your payload to an inspecting v... (more)
Having your network environment protected with the latest virus protection,
control what software is installed and allowed to run, restrict ingress and
egress network access, protect web browsing, limit user account access,
update security patches, change management practices, etc. All these efforts
are critical to follow in the corporate environment but all will fall short
if you don't have the proper monitoring in place to detect badness on your
network and to respond quickly and effectively when it happens. When your
network has the proper monitoring in place and knowledgeable... (more)
The purpose of this article is to describe some tools and techniques in
performing the planning, scoping, and recon portion of a penetration test. In
covering these tools and techniques the reader will learn how to use them to
find vulnerabilities in their organization and help improve security posture.
Some other names for this first phase of penetration testing are; OSINT (Open
Source Intelligence), Footprinting, Discovery, and Cyberstalking.
During reconnaissance we'll gather information from public sources to learn
about the target and try to find what is importan... (more)