Infrastructure Penetration Testing
Scope
A telecommunications company wanted to assess the security of its external network, and two /24 subnets were penetration tested. A black-box penetration test was performed on the external network.
Findings
- Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability (cisco-sa-20180129-asa1)
- EOL/Obsolete Software: Apache HTTP Server 2.2.x
- SSLv3 Padding Oracle Attack Information Disclosure Vulnerability (POODLE)
- Apache HTTP Server Prior to 2.4.25 Multiple Vulnerabilities
- Apache HTTP Server HttpOnly Cookie Information Disclosure Vulnerability
- PHP Versions Prior to 5.2.12 Multiple Vulnerabilities
- SSL/TLS Server supports TLSv1.0
- HTTP TRACE / TRACK Methods Enabled
Time frame
- 15 working days
- 12 days network penetration
- 3 days vulnerabilities & remediation
- report preparation
Steps performed
- Layer 2/3 attacks
  - VLAN hopping
  - ARP cache poisoning
  - Switch weaknesses
  - IP redirections
  - Session hijacking & replay
  - Network hash passing
  - DHCP/DNS weaknesses
  - Various OS weaknesses
- Advanced attacks
  - Protocol fuzzing
  - Cryptographic weaknesses
  - Buffer overflow
  - Zero-day