EvilZone

Community => General discussion => : Nortcele October 23, 2014, 10:17:42 AM

: How deep do you go ;) ?
: Nortcele October 23, 2014, 10:17:42 AM
Okay so when performing a penetration test, you have done all your research, you have spent hours on the job to get your list of hosts and there open ports,

after performing your scan you manage to find 'x' amount of vulnerabilities and you also know how to exploit them,

E.g with a remote connection, command terminal execution or a buffer overflow.

How far do you go?

- Do you leave it as that, write/export your report and send it off.
- You exploit the system and then write your report, showing that you did the exploit (risking damage?)
- You perform the exploit and then have a look around? You might find something interesting...

What are your thoughts?
: Re: How deep do you go ;) ?
: Stackprotector October 23, 2014, 02:52:18 PM
That depends on the job. If you are allowed to exploit you exploit, if you can look at their data you look at their data.
: Re: How deep do you go ;) ?
: Nortcele October 23, 2014, 03:21:06 PM
I go by what they requested, what would you do if you were just trawling?
: Re: How deep do you go ;) ?
: Phage October 23, 2014, 04:48:55 PM
Just trawling? I don't pentest random sites, get a contract or stay the heck away; otherwise you'll most likely end up in troubles.
: Re: How deep do you go ;) ?
: Nortcele October 23, 2014, 04:56:38 PM
My job is a Ethical Hacker/Administrator , I was just wandering if people Trawl?

I mean I do sometimes but usually only sites that are related to my work...

: Re: How deep do you go ;) ?
: Phage October 23, 2014, 05:12:31 PM
My job is a Ethical Hacker/Administrator , I was just wandering if people Trawl?

I mean I do sometimes but usually only sites that are related to my work...

No chances taken from my side.

If they want a pentest, they can sign me a contract.
: Re: How deep do you go ;) ?
: Nortcele October 23, 2014, 05:43:48 PM
No chances taken from my side.

If they want a pentest, they can sign me a contract.

Fair play, that's how I usually do things.
: Re: How deep do you go ;) ?
: Stackprotector October 23, 2014, 06:26:04 PM
(http://karlasugar.net/wp-content/uploads/2010/01/NARS-DT-Orgasm-Super-O-Torrid-Medium.jpg)
: Re: How deep do you go ;) ?
: Pak_Track October 23, 2014, 07:03:22 PM
^yep, that's what crossed my mind when I saw this thread :P
: Re: How deep do you go ;) ?
: Nortcele October 23, 2014, 07:46:47 PM
Thats what I was intending people to think, hence the winky face ;)