Learn More
Resend Email
2
R-C-D
5y

Which ons is less risky and which one Is most profitable to succeed ?

0- telling the admin you forgot your password and as he's logging in, sniff his password (you already placed sslstrip)

1- gain access to router using its vulnerabilities and redirect the traffic to a fake page and get the password.

2- exploiting smb port of admin's system and placing a krylogger or stealing his cookies if available

3- brute forcing admin password :/

4- pressing forgot password on admin account and staying close to him and sniff the SMS containing the otp using rtl-sdr (and of course you will be prompted to set a new password)

5- any other way .

Also the website itself is almost secure.
It is using iis 8.5 and windows server 2012
Only open ports are 80 and 443.

rant

confused

suggestions

challenge

pentest
Favorite
Ranter
Comments
  • 0
    5y
    @24th-Dragon it's a simple pentest
  • 5
    5y
    @R1100 Well if it's a pentest, all of the above.
  • 8
    5y
    @R1100 Social engineering doesn't count unless that's specifically who you're testing.

    This also goes for installing software/etc. If you can read ssl traffic or keystrokes because of something you did and not an exploit, you're tampering. Pen test the system, not the peripherals.
  • 1
    5y
    If you already placed sslstrip, this is what you report, unless the contract allows you more.
    If the router is vulnerable, you may show a PoC, otherwise you are done here. If you have permissions to go further, do it.
    Report the SMS problem (active interruption of the mobile network is most likely illegal in your country, and with 3G+ passive sniffing got a lot harder; still SMS are not the best practise anymore).
    If there is a serious (unpatched?) vulnerability with SMB (not requiring already gained administrative passwords / NTLM hashes / tickets), add that to your the report. If you have permissions to go further, do it. If gaining credentials for RCE over SMB is trivial, definitely report that and use them if you have the permission.
    Try brute force only if explicitly permitted as it will place a high load on any tested component.

    Recommend HSTS for the website in your report to avoid ssl stripping.
  • 0
    5y
    @sbiewald cool ! Many untold notes !!
Related Rants
devRant © 2021 Hexical Labs LLC
Privacy Policy  |  Terms of Service
Add Comment