4.0 External Phase
4.1 Phase Summary
The external phase of the pentest focused on the assets which are publicly accessible.
Reconnaissance and scanning were conducted to identify opportunities for intrusion or
malicious modification of the systems.
Attacks were launched from the PurpleSec network via the Internet against the externally
accessible assets at CLIENT using Burp Suite and the network scanner Nmap.
4.2 Actions Taken
To determine the risk level of CLIENT's externally accessible hosts and servers, the
analyst conducted internet-level scanning and analysis.
From Zone: Internet
Via: N/A
To Zone: External Network
Method: Internet penetration testing
Current Zone Activities:
xxx.xxx.93.188 The server's certificate is not valid for the hostname. The certificate is issued to www.examplecom, www.example.com, but the HTTPS service is also reachable directly by this IP address, and neither the IP address nor any other hostname used to reach the service is covered by the certificate. Clients connecting that way receive a certificate warning, and users who learn to click through it can no longer distinguish this mismatch from an attacker's certificate.
HSTS is not enforced. The application does not instruct browsers to refuse unencrypted connections to it, so a user who follows an http:// link, or types the hostname without a scheme, can be intercepted by an attacker on the path before any redirect to HTTPS takes place, enabling man-in-the-middle attacks against the site. To remedy this, add a response header named "Strict-Transport-Security" with an acceptable max-age expiration time (one year, 31536000 seconds, is the usual recommendation) to every HTTPS response. Two caveats: browsers ignore this header when it arrives over plain HTTP, so the HTTP-to-HTTPS redirect is still required, and the policy only protects a user after their first successful HTTPS visit unless the domain is also added to the browser preload list.
Nmap warnings (ssl-enum-ciphers script output):
64-bit block cipher 3DES vulnerable to SWEET32 attack
Broken cipher RC4 is deprecated by RFC 7465
Ciphersuite uses MD5 for message integrity
Key exchange (dh 2048) of lower strength than certificate key
Key exchange (ecdh_x25519) of lower strength than certificate key
The first three warnings are actionable: remove the 3DES, RC4 and MD5-based cipher suites from the server configuration. The two key-exchange warnings are informational; Nmap emits them whenever it rates the certificate key (for example a 4096-bit RSA key) stronger than the ephemeral key exchange, and both 2048-bit DH and x25519 remain acceptable, so x25519 in particular should not be removed on this account.
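The three findings above (certificate name coverage, HSTS policy, and weak cipher suites) can each be re-checked without a browser. The script below is an added example, not PurpleSec's own tooling: it implements the checks against constructed sample data (a certificate dict in the shape Python's ssl.getpeercert() returns, sample response headers, and a sample cipher list), and uses the TEST-NET address 203.0.113.188 as a stand-in for the redacted xxx.xxx.93.188. Feeding it real data from ssl.getpeercert(), an HTTPS response, and ssl-enum-ciphers output is the only change needed to run it against a live host.

```python
"""Offline re-checks for the external-phase findings: cert coverage, HSTS, weak ciphers.
Added example with constructed sample data; not code from the original report."""
import ipaddress
import re

# --- Finding 1: does the certificate cover the name/IP the client connected to? ---

def _dns_name_matches(pattern, hostname):
    """Case-insensitive DNS-ID match; a wildcard covers exactly one label (RFC 6125)."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        return hostname.endswith(pattern[1:]) and hostname.count(".") == pattern.count(".")
    return pattern == hostname


def cert_covers(cert, target):
    """True if `cert` (dict shaped like ssl.SSLSocket.getpeercert()) covers `target`,
    the hostname or IP literal actually used to reach the service."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is covered only by an iPAddress SAN, never by a DNS name or the CN.
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in sans)
    names = [v for k, v in sans if k == "DNS"]
    if not names:  # legacy fallback: the CN counts only when there are no DNS SANs
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_dns_name_matches(p, target) for p in names)


# --- Finding 2: is HSTS enforced with an acceptable max-age? ---

MIN_MAX_AGE = 31536000  # one year; also the minimum accepted for browser preloading


def parse_hsts(value):
    """Split a Strict-Transport-Security value into its directives (RFC 6797 section 6.1)."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age" and arg.strip().strip('"').isdigit():
            policy["max_age"] = int(arg.strip().strip('"'))
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy


def hsts_finding(scheme, headers, min_max_age=MIN_MAX_AGE):
    """Return None when the response enforces HSTS adequately, else a finding string.
    `headers` is a dict of response headers; lookup is case-insensitive."""
    if scheme != "https":
        # RFC 6797 section 8.1: user agents ignore the header when received over plain HTTP.
        return "HSTS header only counts over HTTPS; check the https:// response"
    value = next((v for k, v in headers.items() if k.lower() == "strict-transport-security"), None)
    if value is None:
        return "HSTS is not enforced: no Strict-Transport-Security header"
    policy = parse_hsts(value)
    if policy["max_age"] is None:
        return "HSTS header present but max-age missing (header is invalid and ignored)"
    if policy["max_age"] < min_max_age:
        return f"HSTS max-age={policy['max_age']} is below the recommended {min_max_age}"
    return None


# --- Finding 3: the three actionable cipher warnings from the Nmap output ---

WEAK_CIPHER_RULES = (
    (re.compile(r"3DES|DES-CBC3", re.I), "64-bit block cipher 3DES vulnerable to SWEET32"),
    (re.compile(r"RC4", re.I), "RC4 is deprecated by RFC 7465"),
    (re.compile(r"MD5", re.I), "MD5 used for message integrity"),
)


def weak_cipher_findings(suites):
    """Map each offered suite (IANA or OpenSSL spelling) to every warning it triggers."""
    return [(s, why) for s in suites for rx, why in WEAK_CIPHER_RULES if rx.search(s)]


# Constructed sample data (hypothetical; 203.0.113.188 stands in for the redacted IP).
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.com")),
}
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_MD5",
]

if __name__ == "__main__":
    for target in ("www.example.com", "203.0.113.188"):
        print(target, "covered" if cert_covers(SAMPLE_CERT, target) else "NOT covered by certificate")
    print(hsts_finding("https", {"Server": "nginx"}))
    print(hsts_finding("https", {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}))
    for suite, why in weak_cipher_findings(SAMPLE_SUITES):
        print(f"{suite}: {why}")
```

The IP check is deliberately strict: an IP literal is matched only against iPAddress SANs, which is exactly why the service on xxx.xxx.93.188 fails validation when reached by address even though the certificate is fine for www.example.com. The HSTS check refuses to credit a header seen over http://, matching browser behaviour, so it will not be fooled by a server that only sends the header on its redirect response.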
PEN TEST REPORT: EXAMPLE INSTITUTE
JANUARY 1, 2020
sales@purplesec.us