The lab has been set up, connections verified; it is time to put the information gained throughout the book to work. Challenge yourself to perform a full penetration test from start to finish on this environment. The penetration test will consist of an external test: a connection into the perimeter switch of the site, in this case VMnet2
. Following this, we want to conduct an internal penetration test; this will require the connection of the attacking machines into each one of the segments of the site. The intent of the internal test is to check and verify the potential attack vectors that exist from within the different segments; furthermore, this will provide the site with valuable information on the potential risk if malware infected one of the segments. Additionally, our testing includes the following items:
Determine the scope (the administrator only allows you to have 4 hours on his VPN).
Understand the reason why the client wants a penetration test. This is critical to...