Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Root797675y@R1100 Social engineering doesn't count unless that's specifically who you're testing.
This also goes for installing software/etc. If you can read ssl traffic or keystrokes because of something you did and not an exploit, you're tampering. Pen test the system, not the peripherals. -
If you already placed sslstrip, this is what you report, unless the contract allows you more.
If the router is vulnerable, you may show a PoC, otherwise you are done here. If you have permissions to go further, do it.
Report the SMS problem (active interruption of the mobile network is most likely illegal in your country, and with 3G+ passive sniffing got a lot harder; still SMS are not the best practise anymore).
If there is a serious (unpatched?) vulnerability with SMB (not requiring already gained administrative passwords / NTLM hashes / tickets), add that to your the report. If you have permissions to go further, do it. If gaining credentials for RCE over SMB is trivial, definitely report that and use them if you have the permission.
Try brute force only if explicitly permitted as it will place a high load on any tested component.
Recommend HSTS for the website in your report to avoid ssl stripping.
Related Rants
Which ons is less risky and which one Is most profitable to succeed ?
0- telling the admin you forgot your password and as he's logging in, sniff his password (you already placed sslstrip)
1- gain access to router using its vulnerabilities and redirect the traffic to a fake page and get the password.
2- exploiting smb port of admin's system and placing a krylogger or stealing his cookies if available
3- brute forcing admin password :/
4- pressing forgot password on admin account and staying close to him and sniff the SMS containing the otp using rtl-sdr (and of course you will be prompted to set a new password)
5- any other way .
Also the website itself is almost secure.
It is using iis 8.5 and windows server 2012
Only open ports are 80 and 443.
rant
confused
suggestions
challenge
pentest