Infrastructure Penetration Testing

Scope

A telecommunications company wanted to check the cybersecurity of its external network, and 2 x /24 subnets were penetrated. A black-box penetration test was performed on the external network.

Findings

  1. Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability (cisco-sa-20180129-asa1)
  2. EOL/Obsolete Software: Apache HTTP Server 2.2.x
  3. SSLv3 Padding Oracle Attack Information Disclosure Vulnerability (POODLE)
  4. Apache HTTP Server Prior to 2.4.25 Multiple Vulnerabilities
  5. Apache HTTP Server HttpOnly Cookie Information Disclosure Vulnerability
  6. PHP Versions Prior to 5.2.12 Multiple Vulnerabilities
  7. SSL/TLS Server supports TLSv1.0
  8. HTTP TRACE / TRACK Methods Enabled

Time frame

  • 15 working days
  • 12 days network penetration
  • 3 days vulnerabilities & remediation
  • report preparation

Steps performed

  • Layer 2/3 attacks
  • VLAN hopping
  • ARP cache poisoning
  • Switch weaknesses
  • IP redirections
  • Session hijacking & replay
  • Network hash passing
  • DHCP/DNS weaknesses
  • Various OS weaknesses
  • Advanced attacks
  • Protocol fuzzing
  • Cryptographic weaknesses
  • Buffer overflow
  • Zero-day