The scanning phase
This is where we start cooking on gas, targeting our network systems directly to look for technical information that points to vulnerabilities. Here's the order of play:
IP auditing – We map out all system IP addresses, locally and server-side. Locally, there will quite likely be several IPs, from the gateway router to devices such as PCs and phones. Remotely, there may be just one, or else separate addresses for, say, a web server and a mail server or, in some cases, complex scenarios involving load-balanced servers, an intranet, an extranet, and so on.
Ports survey – For each IP, we look for open ports, those entry and exit points channeling data so that, for instance, we can administer the server from afar or provide access to the WordPress site (using that web thing).
Application versions – Ultimately we want to know about susceptible versions of services (daemons or apps) that, sitting on open ports, provide potential attack routes into whichever machine hosts them.
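As an added example (not code from the book), here is a small Python audit of your own host that carries out the ports survey and reads the greeting banner a daemon sends on connect (which is where version strings such as an SSH or SMTP announcement come from), then compares what is open against the ports you expect to be open. The local listener, its banner text and the baseline port list are constructed for demonstration.

```python
import socket
import threading
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

@dataclass(frozen=True)
class Service:
    port: int
    banner: str  # greeting the daemon sent on connect, "" if it stayed silent

def probe_port(host: str, port: int, timeout: float = 1.0) -> Optional[Service]:
    """Return a Service if `port` accepts a TCP connection, else None.
    Daemons such as SSH, SMTP and FTP announce name/version on connect,
    which is what the 'application versions' step reads off."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            try:
                banner = sock.recv(256).decode("ascii", "replace").strip()
            except OSError:  # timed out or reset before sending anything
                banner = ""
        return Service(port, banner)
    except OSError:  # refused, filtered (timeout) or unreachable
        return None

def survey(host: str, ports: Iterable[int]) -> List[Service]:
    """Ports survey: which of `ports` are open on `host`, with any banner."""
    return [s for s in (probe_port(host, p) for p in ports) if s is not None]

def audit(observed: List[Service], expected: Iterable[int]) -> Tuple[List[int], List[int]]:
    """Compare the survey with the documented baseline for the host.
    Returns (unexpected open ports, expected ports that were not open)."""
    seen = {s.port for s in observed}
    return sorted(seen - set(expected)), sorted(set(expected) - seen)

def start_local_listener(banner: bytes) -> int:
    """Constructed stand-in for a real daemon: listens on 127.0.0.1, sends
    `banner` to one client, then closes. Returns the ephemeral port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve() -> None:
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```

Run `survey("127.0.0.1", [start_local_listener(b"SSH-2.0-OpenSSH_9.6\r\n")])` to see the banner captured, and feed the result to `audit` with your baseline to get the list of ports that should not be open.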
Note
Seeking out the...