• Open VPN for PEN testing

    From Todd@110:110/2002 to All on Mon Sep 16 00:07:11 2013
    Hi All,

    I have heard several folks say that they use Open VPN for human
    penetration testing.
    Reference: https://www.pcisecuritystandards.org/pdfs/infosupp_11_3_penetration_testing.pdf

    I apparently did not pay close enough attention. I figured that Open VPN
    would get you past the firewall and the multilayer switch. Which sounded
    right to me. Use Open VPN to create a connection to the
    computer and/or network to be tested. Then test the computer/network
    with nmap, Metasploit, etc.

    But, if I remember correctly, they also used Open VPN to try to break
    into ports. Not as a mechanism to gain access to the computer/network.

    Am I missing something? Can Open VPN actually be used as an attack
    mechanism (nmap, metasploit) to test a computer/network?

    Many thanks,
    -T


    --- MBSE BBS v1.0.0 (GNU/Linux-i386)
    * Origin: A noiseless patient Spider (110:110/2002@linuxnet)
  • From Jamma Tino Schwarze@110:110/2002 to All on Tue Sep 17 20:43:07 2013
    Todd <Todd@invalid.invalid> wrote:

    > I have heard several folks say that they use Open VPN for human
    > penetration testing.
    > Reference:
    > https://www.pcisecuritystandards.org/pdfs/infosupp_11_3_penetration_testing.pdf

    I couldn't find the term VPN within that document.

    > I apparently did not pay close enough attention. I figured that Open VPN
    > would get you past the firewall and the multilayer switch. Which sounded
    > right to me. Use Open VPN to create a connection to the
    > computer and/or network to be tested. Then test the computer/network
    > with nmap, Metasploit, etc.

    This would only work given an OpenVPN server which you could connect to.
    It would ease penetration testing if you just deploy your OpenVPN server
    (or client connecting to your own server) and ensure it's got the
    necessary connectivity for further testing. That way you do not need to
    be on-site (but are opening the network somewhat which might be
    unwanted).

    > But, if I remember correctly, they also used Open VPN to try to break
    > into ports. Not as a mechanism to gain access to the computer/network.

    Of course, given the appropriate setup you could use the VPN connection
    (like any other VPN connection) to try to break into other applications
    at the remote network. That's not OpenVPN specific.

    > Am I missing something? Can Open VPN actually be used as an attack
    > mechanism (nmap, metasploit) to test a computer/network?

    I don't think so - OpenVPN uses one UDP or TCP port for communication.
    There might be issues within the server itself which might be
    exploitable, but without a server, no connection could be made to the
    network.

    But I'm not very deep into security.

    Jamma.

    --
    "What we nourish flourishes." - "Was wir nähren erblüht."

    www.tisc.de

    --- MBSE BBS v1.0.0 (GNU/Linux-i386)
    * Origin: Individual Network Chemnitz, FRG (110:110/2002@linuxnet)
  • From Todd@110:110/2002 to All on Wed Sep 18 16:41:44 2013
    On 09/17/2013 01:43 PM, Jamma Tino Schwarze wrote:
    > Todd <Todd@invalid.invalid> wrote:
    >
    >> I have heard several folks say that they use Open VPN for human
    >> penetration testing.
    >> Reference:
    >> https://www.pcisecuritystandards.org/pdfs/infosupp_11_3_penetration_testing.pdf
    >
    > I couldn't find the term VPN within that document.
    >
    >> I apparently did not pay close enough attention. I figured that Open VPN
    >> would get you past the firewall and the multilayer switch. Which sounded
    >> right to me. Use Open VPN to create a connection to the
    >> computer and/or network to be tested. Then test the computer/network
    >> with nmap, Metasploit, etc.
    >
    > This would only work given an OpenVPN server which you could connect to.
    > It would ease penetration testing if you just deploy your OpenVPN server
    > (or client connecting to your own server) and ensure it's got the
    > necessary connectivity for further testing. That way you do not need to
    > be on-site (but are opening the network somewhat which might be
    > unwanted).
    >
    >> But, if I remember correctly, they also used Open VPN to try to break
    >> into ports. Not as a mechanism to gain access to the computer/network.
    >
    > Of course, given the appropriate setup you could use the VPN connection
    > (like any other VPN connection) to try to break into other applications
    > at the remote network. That's not OpenVPN specific.
    >
    >> Am I missing something? Can Open VPN actually be used as an attack
    >> mechanism (nmap, metasploit) to test a computer/network?
    >
    > I don't think so - OpenVPN uses one UDP or TCP port for communication.
    > There might be issues within the server itself which might be
    > exploitable, but without a server, no connection could be made to the
    > network.
    >
    > But I'm not very deep into security.
    >
    > Jamma.


    Hi Jamma,

    The link was only to tell you what I was trying to
    learn.

    You pretty much confirmed what I thought. Thank you
    for the feedback!

    -T

    --
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    the riddle wrapped in an enigma wrapped
    in a couple slices of baloney
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    --- MBSE BBS v1.0.0 (GNU/Linux-i386)
    * Origin: A noiseless patient Spider (110:110/2002@linuxnet)