Real-Time BlackBox Internal Penetration Testing

Last updated 4 years ago

Was this helpful?

Real-Time BlackBox Internal Penetration Testing

This blog post majorly covers to get access to the corporate network while conducting the Black-Box Internal Penetration Testing (with physical access to the corporate office) by covering the major areas:

Assessment Process

Areas

Wired
- RJ45 (Ethernet) Port
Wireless
- Guest SSID
- Contractor / Partner SSID
- Corporate SSID
Unlocked/Unprotected/Unattended Devices and/or documents
Password Spraying Can be used for Internal/External Pentesting depending on the attack-vector

Wired

NAC Testing
Devices Testing (VoIP, Printer, etc)
Asset Discovery
Scanning & Enumeration

Wireless

Discovering Hidden Networks
Guest SSID Testing
- Hunting for connected corporate users
- Scanning APs & server subnets
- Captive Portal Testing
- Rogue access point
- Segmentation Testing between guest & corporate network
Contractor / Partner SSID Testing
- Connected users
- Scanning AP & server subnets
- Captive Portal Testing
- Rogue access point
- Segmentation Testing between contractor segmentation & corporate network
Corporate SSID Testing
- Evil-Twin Attack
- Handshake Capture

Unlocked/Unprotected/Unattended Devices and/or documents

Unlocked computers/laptops
Unprotected/Unattended devices (eg: advertisement screen connected with the network, kiosk etc)
Credentials on sticky notes

Password Spraying (weak password policy)

Running password spray on OWA/exchange/office.com
Running password spray on VPN

Hint: Credential stealing can be really useful if it can be used to authenticate on corporate SSID

Reference

NextActive Directory Enumeration Part-1

Last updated 4 years ago

Was this helpful?