Help with first Pentest

happywillihappywilli Registered Users Posts: 1 ■□□□□□□□□□
Hi,

Im looking for a bit help to go forward with my pentesting.
I've connected to an company envoirment (testlab) through OpenVPN.

We have not got more information on what we should do..
What I need is a little bit helping info on what tools I should use to go forward.

so far, i've been using nmap and finding running hosts..

Sorry for not being that clear.. this is my first pentesting.

Comments

  • GirlyGirlGirlyGirl Member Posts: 219
    happywilli wrote: »
    Hi,

    Im looking for a bit help to go forward with my pentesting. You didn't figure that out before you connected through OpenVPN?
    I've connected to an company envoirment (testlab)<??through OpenVPN.

    We have not got more information on what we should do.. icon_scratch.gif So, this is the first pen test for everyone on the team.
    What I need is a little bit helping info on what tools I should use to go forward. icon_rolleyes.gif

    so far, i've been using nmap and finding running hosts..

    Sorry for not being that clear.. this is my first pentesting.

    icon_scratch.gif

    I don't want to go to jail. So, I'll let someone else respond. Maybe someone else will give you advice on whatever in the world you are looking for...

    Good Luck.
  • airzeroairzero Member Posts: 126
    Is this for your company or are you testing someone else? Either way do you know what your rules of engagement are so you know what your allowed to do as well as what is in your tests scope? Does that lab environment mirror the production network? If not the test seems a little pointless.

    Your being a little vague on what your objectives are and what your trying to accomplish. Also if your being allowed to perform a pentest I would assume you have experience in that matter. Not knowing what to do past an nmap scan suggest otherwise (hint: look at the nmap scan results). Sounds like you need a senoir tester to help guide you through your test, not an online forum.
  • [Deleted User][Deleted User] Posts: 0 ■■□□□□□□□□
    @airzero, I think you might have scared him offline! :)
  • tedjamestedjames Scruffy-looking nerfherdr Member Posts: 1,163 ■■■■■■■■□□
    He should take eLearnSecurity's Junior Penetration Tester training.
  • airzeroairzero Member Posts: 126
    @airzero, I think you might have scared him offline! :)

    Wasn't exactly my intention

    That's just an odd thing to ask on a certification forum.
  • 636-555-3226636-555-3226 Member Posts: 976 ■■■■■□□□□□
    haha, gave me a good laugh. thanks willi
  • slinuxuzerslinuxuzer Member Posts: 665 ■■■■□□□□□□
    This seems like a flat out "help me hack my school" post - take my advice kid, if you want to learn to "hack" download some vulnerable by design VM images, boot them, boot kali linux and hack those. Take a look at safari books and get the CEH book or some other book on hacking, but don't commit a crime, you'll get caught and it could hang over you for the rest of your life, or maybe just long enough to keep you from getting a security clearance or whatever. Just a bad idea to hack a system without written permission.
  • SaSkillerSaSkiller OSWP, GPEN, GWAPT, GCIH Member Posts: 337 ■■■□□□□□□□
    If I had to guess, OP might be taking a company's lab before they hire a new pentester. I've been there. Or maybe they have setup a lab for employees?

    In any case OP it sounds like you aren't ready for this challenge. Nothing wrong with admitting you don't have the skills you need yet.
    OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.
Sign In or Register to comment.