Pen Test Plan

We should conduct the pen test with a purpose in mind. We had a list of vulnerabilities last time, so we should ensure that these have been closed, and also try to ensure that there are no known new vulnerabilities.

It would be very useful if these tests could be automated - so that with each development/production build the system could be automatically tested.

Pen Test

IP and Ports

Published Services

From nmap, we should be able to generate a list of Open Ports. From these ports we should be able to guess the services that are being run there.
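One way to automate the open-port check for each build, added here as an example and not part of the original plan: it parses nmap grepable output (the -oG format) and diffs the open ports against an approved baseline. The scan text, addresses, hostnames and baseline below are constructed assumptions.

```python
# Constructed sample of nmap grepable (-oG) output; documentation addresses only.
SAMPLE_SCAN = (
    "Host: 192.0.2.10 (app.example.test)\tStatus: Up\n"
    "Host: 192.0.2.10 (app.example.test)\tPorts: 22/open/tcp//ssh///, "
    "443/open/tcp//https///, 3306/open/tcp//mysql///, 8080/closed/tcp//http-proxy///\t"
    "Ignored State: filtered (996)\n"
    "Host: 192.0.2.11 (mq.example.test)\tPorts: 22/open/tcp//ssh///, "
    "5672/open/tcp//amqp///\n"
)

# Hypothetical approved baseline: the ports each host is meant to publish.
BASELINE = {
    "192.0.2.10": {(22, "tcp"), (443, "tcp")},
    "192.0.2.11": {(22, "tcp"), (443, "tcp"), (5672, "tcp")},
}


def parse_open_ports(grepable):
    """Return {host: {(port, proto): service}} for ports in state 'open'."""
    found = {}
    for line in grepable.splitlines():
        if not line.startswith("Host: ") or "\tPorts: " not in line:
            continue  # skips comments and "Status:" lines
        host = line.split()[1]
        ports_field = line.split("\tPorts: ", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            # Entry layout: port/state/protocol/owner/service/rpc/version/
            parts = entry.strip().split("/")
            if len(parts) < 5 or parts[1] != "open":
                continue
            found.setdefault(host, {})[(int(parts[0]), parts[2])] = parts[4]
    return found


def diff_against_baseline(found, baseline):
    """List (host, port, proto, service, finding) for every deviation."""
    findings = []
    for host in sorted(set(found) | set(baseline)):
        seen, allowed = found.get(host, {}), baseline.get(host, set())
        for port, proto in sorted(set(seen) - allowed):
            findings.append((host, port, proto, seen[(port, proto)], "unexpected"))
        for port, proto in sorted(allowed - set(seen)):
            findings.append((host, port, proto, "", "missing"))
    return findings


if __name__ == "__main__":
    for finding in diff_against_baseline(parse_open_ports(SAMPLE_SCAN), BASELINE):
        print(*finding)
```

A build job can fail whenever the findings list is non-empty, which turns the previous test's list of closed ports into a regression check.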

Guessed/Known services

We can make several educated guesses (some from prior exploitation information) about other services which may be running on the Servers.

SSH
RabbitMQ
MySQL

Web Server

We should attempt several fuzzer attacks on the Web Server to determine any unguarded directories.

DNS Records

We should attempt to verify the DNS records of the Server - and see if any information can be gleaned from this.

TraceRoutes

We should try to build up a map of where/how we think connectivity to the servers is accomplished. By looking at this map, we should again try to see whether any routers, switches or firewalls may be present.

Device Protocol Analysis

As we have access to the device we should repeat the same steps as we did for the server.

Specifically

IP and Port Checks

Is the App communicating with the Server using ports we are not aware of?

Protocol

Whilst we are assuming everything is encrypted... is it really?

What is left in plain text? Geo-stuff?

Key Certificate Pinning

Has this been undertaken? How can we check/verify?

Disrupt/Annoy

We should also have a look at causing the system some real issues by disrupting the device/services.

Things to try include:

  • DDOS
  • POD

Could we also not grab some packets (proper messages) and, using a loop, simply replay/flood the app with them? If this works, could we do the same with an attachment? We may be able to fill up the disk faster than they imagine.

Cool Commands

Check SSL certs:

    sslyze --regular www.example.com