- The steps in an effective Internal penetration testing approach.
“1. Map the network.
2. Scan the network for live hosts.
3. Port-scan individual machines.
4. Try to gain access using known vulnerabilities.
5. Attempt to establish null sessions.
6. Enumerate users/identify domains on the network.
7. Sniff the network using Wireshark.
8. Sniff POP3/FTP/Telnet passwords.
9. Sniff email messages.
10. Attempt replay attacks.
11. Attempt ARP poisoning.
12. Attempt MAC flooding.
13. Conduct man-in-the-middle attacks.
14. Attempt DNS poisoning.
15. Try logging into a console machine.
16. Boot the PC using an alternative OS and steal the SAM file.
17. Bypass the OS to obtain information.
18. Reset the administrator password.
19. Attempt to plant a software key logger to steal passwords.
20. Attempt to plant a hardware key logger to steal passwords.
21. Attempt to plant spyware on the target machine.
22. Attempt to plant a Trojan on the target machine.
23. Attempt to bypass antivirus software installed on the target machine.
24. Attempt to send a virus using the target machine.
25. Attempt to plant rootkits on the target machine.
26. Hide sensitive data on the target machine.
27. Hide hacking tools and other data on the target machine.
28. Use various steganography techniques to hide files on the target machine.
29. Escalate user privileges.
30. Capture POP3 traffic.
31. Capture SMTP traffic.
32. Capture IMAP email traffic.
33. Capture the communications between FTP client and FTP server.
34. Capture HTTP traffic.
35. Capture RDP traffic.
36. Capture VoIP traffic.
37. Run Wireshark with the filter ip.src==ip_address.
38. Run Wireshark with the filter ip.dst==ip_address.
39. Run Wireshark with the filter tcp.dstport==port_no.
40. Run Wireshark with the filter ip.addr==ip_address.
41. Spoof the MAC address.
42. Poison the victim's IE proxy server.
43. Attempt session hijacking on Telnet traffic.
44. Attempt session hijacking on FTP traffic.
45. Attempt session hijacking on HTTP traffic.
46. Document everything.”
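Steps 37 to 40 name four Wireshark display filters. As an added example (not from the page or from EC-Council Press), the following Python evaluator applies those filters to constructed packet summaries with hypothetical addresses and ports, to show what each filter selects: ip.addr matches a host in either direction, while tcp.dstport does not match UDP traffic at all.

```python
import re
from ipaddress import ip_address

# Constructed packet summaries (not captured traffic); the keys mirror
# the Wireshark field names used in the filters above.
PACKETS = [
    {"no": 1, "ip.src": "10.0.0.5", "ip.dst": "10.0.0.9", "tcp.srcport": 51514, "tcp.dstport": 110},
    {"no": 2, "ip.src": "10.0.0.9", "ip.dst": "10.0.0.5", "tcp.srcport": 110, "tcp.dstport": 51514},
    {"no": 3, "ip.src": "10.0.0.7", "ip.dst": "10.0.0.53", "udp.srcport": 40000, "udp.dstport": 53},
    {"no": 4, "ip.src": "10.0.0.7", "ip.dst": "10.0.0.9", "tcp.srcport": 40001, "tcp.dstport": 110},
]

# Only the "field==value" form from the list is supported here.
FILTER_RE = re.compile(r"^\s*([a-z.]+)\s*==\s*(\S+)\s*$")


def fields(pkt, name):
    """Values a field name resolves to in one packet.

    ip.addr expands to both ip.src and ip.dst, which is why
    'ip.addr==X' shows traffic to and from X, not just one direction.
    A field the packet does not carry (tcp.dstport on a UDP datagram)
    resolves to nothing, so the filter simply does not match."""
    if name == "ip.addr":
        return [v for v in (pkt.get("ip.src"), pkt.get("ip.dst")) if v is not None]
    return [pkt[name]] if name in pkt else []


def matches(pkt, filt):
    """True if the packet satisfies the display filter."""
    m = FILTER_RE.match(filt)
    if not m:
        raise ValueError(f"unsupported filter: {filt!r}")
    name, literal = m.group(1), m.group(2)
    if name.startswith("ip."):
        # Compare as addresses, not strings, so 10.0.0.5 and 010.0.0.5 agree.
        want = ip_address(literal)
        return any(ip_address(v) == want for v in fields(pkt, name))
    want = int(literal)
    return any(v == want for v in fields(pkt, name))


def select(filt, packets=PACKETS):
    """Frame numbers the filter would leave visible in the packet list."""
    return [p["no"] for p in packets if matches(p, filt)]


if __name__ == "__main__":
    for f in ("ip.src==10.0.0.5", "ip.dst==10.0.0.5", "ip.addr==10.0.0.5", "tcp.dstport==110"):
        print(f"{f:20} -> frames {select(f)}")
```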
- The potential resources available to support Internal penetration testing.
Wireshark, Core Impact, Metasploit, Canvas, Internet Scanner, NetRecon, CyberCop, Nessus, Cisco Secure Scanner and Retina are the most useful tools, as recommended by EC-Council Press (2007).
- The phases involved with Internal penetration testing.
According to the National Institute of Standards and Technology (NIST) publication SP 800-115, Planning, Discovery, Attack and Reporting are the phases of the penetration testing methodology; I have not found a variance of sequence whether the testing is external or internal.
- The factors that influence the sequencing and selection of particular Internal penetration testing activities.
The level of access granted by the client is a factor in the penetration testing, as is the budget allocated for the testing. Depending on some of the initial testing results and the client's requests, many different factors can determine the sequencing and selection of activities.
EC-Council Press (2007). Penetration Testing Procedures and Methodologies. Clifton Park, NY: Course Technology, Cengage Learning. Retrieved from the internet on 2/24/13.