Introduction to Internal Penetration Tests - Pentestmag

Introduction to Internal Penetration Tests

Feb 21, 2023

by Dimitris Pallis

Connectivity Basics

Before jumping on to exploitation tools and techniques, the most important step is to connect to the client's network.

This can be done in two ways, either remotely or on-site by going to client's offices. On-site visits would require your own dedicated space and access to the client's network through wired ethernet or wireless connection. After that, you would only have to confirm you are assigned with an IP address and you're ready to go. Other measures could be required such as whitelisting your computer's MAC address, but those details should be handled during the scoping process and you'll know beforehand; if you don't, just ask the project manager who will confirm with the client.

Most of the time, the client agrees to a remote internal assessment. This could be achieved by providing them with a virtual machine, which the client spins up on their internal network and provides you with the IP address. This machine could include a local Nessus installation and other tools such as Responder and Crackmapexec. Finally, one could use the X2Go client tool to connect to that virtual machine through SSH (example below).

X2go client tool

Read the rest of this story with a free account.

Already have an account? Sign in

March 1, 2023

Author

Dimitri
Latest Articles
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023