In some cases, we need to identify the network ranges of a company ourselves for penetration testing. In the case of a pure black box pentest, we would only know the company name in our role as an attacker. Here we encounter two problems: if we don’t know the IP address range, we cannot estimate the effort needed in advance, and we must ensure that we don’t accidentally penetrate IT systems of third parties when carrying out an attack. For these reasons, the necessary information, such as the network ranges of the IT infrastructure to be examined, is usually provided by the client. In our scenario, network 10.250.53.0/24 of Dubius Payment Ltd. will be subjected to a penetration test.
So far, the task of compromising Dubius Payment Ltd. may have seemed a bit abstract. To shine a light on the situation, we must first identify the accessible servers and services in a network range. To do so, we must have a clear understanding of the unique values of a network connection: a network connection is uniquely identified by its source and target IP address, its source and target port and the transfer protocol.
A service can be addressed both over IPv4 and over IPv6, while we will only focus on the TCP and UDP transfer protocols for Dubius Payment Ltd. Also present are 65536 ports (0 - 65535), where a service might be listening for an incoming connection. It should be noted that opening a port below 1024 requires administrative rights. These values indicate the attack surface of a network and can establish connections to servers and services.
But as you might imagine, under no circumstances will we manually search for existing servers and services, as this task is easy to implement with a program or tool. Instead of sending out the same command thousands of times over to establish connections, we will “only“ use the nmap (network mapper) tool. But nmap offers much more than just automatically identifying servers and services.
Take a look at the pentest training chapters and learn penetration testing:
Discover the world of penetration testing. Learn how to infiltrate networks and successfully penetrate systems and applications. Acquire the necessary hacking skills and use them when conducting professional penetration tests. Become a real penetration tester. Here you will find the free documents for the Pentest Training of binsec academy GmbH. The binsec academy GmbH offers the corresponding security training lab environments and certifications. However, the knowledge and wiki articles on hacking and penetration testing is universal.
binsec academy GmbH is the European provider of online security training with virtual laboratory environments. The core component of all security training is the focus on practice, practice and more practice. In the wiki here you will find the public and freely available course materials. You can put the theory into practice at binsec-academy.com.