Every security professional has their own way of conducting a penetration testing engagement, but the overall plan and method for performing the pentest should follow the recommendations of the relevant security standards and regulations.
The first step is to define a framework for the various parts of the pentest. This involves gathering comprehensive information about the internal systems to help map the infrastructure. The required information includes:
- Network segmentation.
- Firewall rules (access lists, etc.).
- Web-based applications and databases, if any.
- Wireless networks, if any.
- Any other security controls that should be taken into account during the engagement (for example, account lockout after a number of failed authentication attempts, which helps prevent brute-force password guessing).
To start the network pentest you need a good packet analysis tool; this can be Wireshark or CommView. Run the sniffer for a period of 2 hours to capture the needed traffic, then analyze it.
We need to pay attention to the following protocols:
- Switching protocols (STP, DTP, etc.)
- Routing protocols (RIP, EIGRP, etc.)
- Dynamic host configuration protocols (DHCP, BOOTP)
- Cleartext protocols that do not use encryption (Telnet, rlogin, etc.)
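A quick way to turn a 2-hour capture into the protocol inventory above is to export the packet summary and group it by protocol family. The following script is an added example, not code from the original post; it assumes a constructed tab-separated export (frame, source, destination, protocol) using the protocol names Wireshark shows in its Protocol column, and the family membership lists are my own assumption.

```python
# Added example (not from the original post): triage a packet-summary export
# into the protocol families the post says to look for, and list the hosts
# that exchanged traffic over cleartext protocols.
from collections import Counter, defaultdict

# Protocol families of interest, keyed by the name Wireshark prints in its
# "Protocol" column (assumed membership; extend to taste). All upper-case so
# that comparisons are case-insensitive.
PROTOCOL_FAMILIES = {
    "switching": {"STP", "DTP", "CDP", "VTP"},
    "routing": {"RIP", "RIPV2", "EIGRP", "OSPF"},
    "dynamic_host_config": {"DHCP", "BOOTP"},
    "cleartext": {"TELNET", "RLOGIN", "FTP", "HTTP", "SNMP"},
}

# Constructed sample export (frame, src, dst, protocol), tab-separated.
# These lines are made up for the example.
SAMPLE_EXPORT = """\
1\t00:11:22:33:44:55\tSpanning-tree-(for-bridges)_00\tSTP
2\t10.0.0.5\t10.0.0.1\tTCP
3\t10.0.0.7\t224.0.0.9\tRIPv2
4\t0.0.0.0\t255.255.255.255\tDHCP
5\t10.0.0.5\t10.0.0.20\tTELNET
6\t00:11:22:33:44:55\t01:00:0c:cc:cc:cc\tDTP
7\t10.0.0.9\t10.0.0.1\tTLSv1.2
8\t10.0.0.5\t10.0.0.20\tTELNET
"""


def parse_export(text):
    """Yield (frame, src, dst, PROTO) tuples from a tab-separated summary export."""
    for line in text.splitlines():
        if not line.strip():
            continue
        frame, src, dst, proto = line.split("\t")
        yield int(frame), src, dst, proto.upper()


def classify(text):
    """Return {family: Counter(protocol -> packet count)} for the families of interest."""
    seen = defaultdict(Counter)
    for _frame, _src, _dst, proto in parse_export(text):
        for family, names in PROTOCOL_FAMILIES.items():
            if proto in names:
                seen[family][proto] += 1
    return seen


def cleartext_talkers(text):
    """Return sorted (src, dst, protocol) triples that carried a cleartext protocol."""
    pairs = set()
    for _frame, src, dst, proto in parse_export(text):
        if proto in PROTOCOL_FAMILIES["cleartext"]:
            pairs.add((src, dst, proto))
    return sorted(pairs)


if __name__ == "__main__":
    for family, counts in classify(SAMPLE_EXPORT).items():
        print(f"{family:20s} {dict(counts)}")
    for src, dst, proto in cleartext_talkers(SAMPLE_EXPORT):
        print(f"cleartext: {src} -> {dst} ({proto})")
```

Feeding the script a real export (for example the output of `tshark -T fields -e frame.number -e eth.src -e eth.dst -e _ws.col.Protocol`) gives a per-family count that maps directly onto the test list that follows, and the cleartext talkers list is a ready-made finding for the report.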
The presence of these protocols shows whether there are problems in the network and what we have to test, for example:
- If DHCP or RIP is in use, we should test for man-in-the-middle attacks.
- For the Spanning Tree Protocol (STP), test the root bridge election, which could allow interception of traffic from all neighboring segments.
- With DTP, it is also possible to change a port's mode to trunk and intercept legitimate traffic.
To test these attacks you can use Yersinia, a network tool designed to take advantage of weaknesses in several network protocols. It aims to be a solid framework for analyzing and testing deployed networks and systems.
That covers the data link layer. Next we can move to the ARP-poisoning attack, for which we can choose one or both of two tools (Cain & Abel or Ettercap). A successful ARP-poisoning attack can give the pentester cleartext passwords for various information resources (databases, the Active Directory domain and others), but it is very important to launch the tool against a single target so as not to DoS the system.
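Whether you are running the ARP-poisoning test yourself or checking afterwards that the client's monitoring noticed it, the observable on the wire is the same: an IP address whose owning MAC changes, usually the gateway's, and one MAC answering for several IPs. The script below is an added example, not from the original post; it works on a constructed list of ARP replies (time, sender IP, sender MAC) and the gateway address it treats as high-severity is an assumption for the sample.

```python
# Added example (not from the original post): flag the traces that an
# ARP-poisoning attack leaves in observed ARP replies, so the same capture
# used for the test can also show whether the attack would be detected.
from collections import defaultdict

# Constructed ARP reply log (time, sender IP, sender MAC). Made up for this
# example; a real feed would come from a sniffer on a mirrored switch port.
ARP_REPLIES = [
    ("10:00:01", "10.0.0.1",  "aa:aa:aa:aa:aa:01"),  # gateway, legitimate owner
    ("10:00:02", "10.0.0.20", "aa:aa:aa:aa:aa:20"),
    ("10:00:03", "10.0.0.5",  "aa:aa:aa:aa:aa:05"),
    ("10:00:30", "10.0.0.1",  "aa:aa:aa:aa:aa:05"),  # host .5's MAC now claims the gateway IP
    ("10:00:31", "10.0.0.20", "aa:aa:aa:aa:aa:05"),  # ... and host .20's IP as well
    ("10:00:32", "10.0.0.1",  "aa:aa:aa:aa:aa:01"),  # real gateway re-asserts itself
]

# Assumed gateway for the sample; in practice take it from the routing table.
KNOWN_GATEWAYS = frozenset({"10.0.0.1"})


def detect_arp_conflicts(replies, known_gateways=KNOWN_GATEWAYS):
    """Return (time, ip, old_mac, new_mac, severity) for every IP whose MAC flipped.

    severity is 'high' when a gateway IP changes owner (the classic
    man-in-the-middle position) and 'medium' for any other host.
    """
    ip_to_mac = {}
    alerts = []
    for when, ip, mac in replies:
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            severity = "high" if ip in known_gateways else "medium"
            alerts.append((when, ip, previous, mac, severity))
        ip_to_mac[ip] = mac
    return alerts


def macs_claiming_multiple_ips(replies):
    """Return {mac: sorted IPs} for every MAC that answered for more than one IP."""
    claims = defaultdict(set)
    for _when, ip, mac in replies:
        claims[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in claims.items() if len(ips) > 1}


if __name__ == "__main__":
    for when, ip, old, new, sev in detect_arp_conflicts(ARP_REPLIES):
        print(f"[{sev}] {when} {ip}: {old} -> {new}")
    for mac, ips in macs_claiming_multiple_ips(ARP_REPLIES).items():
        print(f"{mac} answered for {', '.join(ips)}")
```

The flip-back at 10:00:32 is worth keeping in the output: a gateway IP that alternates between two MACs is the pattern of a single poisoned target being fought over, which is exactly what the post's advice to target one host at a time produces, and a detection rule that only fires on the first change would miss the ongoing contention.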
For the network layer we can add other tools, but overall these do a good job and their results are worth including in the main report.