Assessment of large networks in particular can become a very cyclic process if you are testing the networks of an organization in a blind sense and are given minimal information. As you test the network, information leak bugs can be abused to find different types of useful information (including trusted domain names, IP address blocks, and user account details) that is then fed back into other processes. Figure 1-2’s flowchart defines this approach and the data being passed between processes.
This flowchart starts with network enumeration, then bulk network scanning, and finally specific service assessment. By assessing a rogue non-authoritative DNS service, for example, an analyst may identify previously unknown IP address blocks, which can be fed back into the network enumeration process to identify further network components. In the same way, an analyst may enumerate a number of account usernames by exploiting public folder information leak vulnerabilities in Microsoft Outlook Web Access, which can be fed into a brute-force password grinding process later on.
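The feedback loop described above is easiest to see as a worklist that is drained to a fixed point: every finding is routed to the process that consumes it, whatever that process yields is queued in turn, and deduplication is what makes the cycle terminate. The following is an added example written for this page, not code from the book or from any tool it names; the three lookup tables stand in for the enumeration, scanning and assessment processes, and every domain, address block, host and username in them is constructed (RFC 5737 test ranges and `.test` names).

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One piece of information passed between assessment processes."""
    kind: str    # "domain", "ipblock", "host" or "username"
    value: str


# Constructed stand-ins for the three processes in the flowchart. In a real
# engagement each table would be replaced by a parser over tool output;
# all names and addresses here are hypothetical (RFC 5737 test ranges).
NETWORK_ENUMERATION = {      # domain -> IP address blocks it reveals
    "example.test": ["192.0.2.0/29"],
    "partner.example.test": ["198.51.100.0/29"],
}
BULK_SCAN = {                # IP block -> (host, service) pairs found live
    "192.0.2.0/29": [("192.0.2.5", "dns"), ("192.0.2.6", "owa")],
    "198.51.100.0/29": [("198.51.100.2", "smtp")],
}
SERVICE_ASSESSMENT = {       # host -> information it leaks back into the loop
    "192.0.2.5": [Finding("ipblock", "198.51.100.0/29"),
                  Finding("domain", "partner.example.test")],
    "192.0.2.6": [Finding("username", "alice"), Finding("username", "bob")],
}


def expand(finding):
    """Run the process appropriate to a finding and return what it yields."""
    if finding.kind == "domain":
        return [Finding("ipblock", b) for b in NETWORK_ENUMERATION.get(finding.value, [])]
    if finding.kind == "ipblock":
        return [Finding("host", h) for h, _svc in BULK_SCAN.get(finding.value, [])]
    if finding.kind == "host":
        return list(SERVICE_ASSESSMENT.get(finding.value, []))
    return []   # usernames are terminal here: collected for later, not expanded


def run_assessment(seed_domains):
    """Worklist loop: process findings until no new information appears.

    Returns the deduplicated findings grouped by kind plus the number of
    findings processed, so the size of the feedback effect is visible.
    """
    queue = deque(Finding("domain", d) for d in seed_domains)
    seen = set(queue)
    by_kind = {}
    processed = 0
    while queue:
        current = queue.popleft()
        processed += 1
        by_kind.setdefault(current.kind, set()).add(current.value)
        for new in expand(current):
            if new not in seen:       # dedup is what makes the cycle terminate
                seen.add(new)
                queue.append(new)
    return by_kind, processed


if __name__ == "__main__":
    results, n = run_assessment(["example.test"])
    for kind, values in sorted(results.items()):
        print(f"{kind:9s} {sorted(values)}")
    print(f"{n} findings processed")
```

Seeded with a single domain, the loop ends up covering a second address block and a second domain that were only reachable through a service finding, which is exactly the case the flowchart is drawn to capture. The same structure serves a defender doing attack-surface review: the `seen` set is the record of scope as it grew, and the second block appearing in the output is the point at which an engagement's agreed scope should be re-checked.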