0

Some context for my question: I'm currently studying Information Security, and this is for an assignment from my teacher.


For my assignment, I received two IP addresses. I did a port scan with nmap and saw that both of these IP addresses pointed at SonicWall Firewalls.

The teacher said that these firewalls protect the website. When trying to gather information about these IP addresses, I only received information about the ISP.

For example, when I did a whois query to my target 179.96.___.___, I received information about "life.com.br". According to Google, they are an Enterprise Internet Provider.

I tried to gather more information about possible clients of this ISP, but I could not find anything. For instance, I tried to see the physical location of the IP addresses, but the result did not have enough precision to give any meaningful information.

I tried to scan the entire IP range of the ISP (179.96.144.0/20) and saw lots of services, but my teacher said the other services have nothing to do with the assessment. Only the two IPs he has given us are relevant to the assessment.

I tried to do a reverse DNS lookup, but it's just a generic address of the ISP, which points back to the IP address (179-96-___-___.life.com.br).

What steps can I take now?

1 Answer

2

Penetration testing is done in multiple steps. From the information you have provided, you seem to have understood that the first step is information gathering.

However, you violated a core principle of ethical penetration testing: Never attack a system you don't own or have permission to attack!

Given that your teacher gave you two IP addresses to attack, it's safe to assume that the teacher either owns those systems or has permission to attack them. However, any address aside from those is out of scope for this assessment and has nothing to do with it.

Back to the scope: You claimed that you did an nmap scan of the websites, but you did not include the results of those scans. Here is some information you can provide:

  • Which ports are open?
  • Which services are behind those ports?
  • Which protocols are used by those services?

This is the essential information you want to gather. Depending on this information, you can proceed with your assignment. If you get stuck completely, contact your professor, explain to him the steps you have taken, why you have taken them, what you gathered from those steps and where you are stuck now.

Good luck on your assignment!
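As an added example (not part of the original answer), one way to write down the three items the answer asks for while keeping the report limited to the assigned targets is to filter nmap's XML output (`-oX`) against an explicit scope list. The addresses, service names and the sample XML below are constructed placeholders; `summarize` and `IN_SCOPE` are hypothetical names.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed scope: documentation addresses standing in for the two assigned IPs.
IN_SCOPE = {ipaddress.ip_address("192.0.2.10"), ipaddress.ip_address("192.0.2.20")}

# Constructed, trimmed nmap -oX output; the third host is outside the scope.
SAMPLE_XML = """<nmaprun>
  <host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
    <port protocol="tcp" portid="4443"><state state="open"/><service name="https"/></port>
    <port protocol="tcp" portid="8080"><state state="open"/><service name="http"/></port>
    <port protocol="tcp" portid="22"><state state="filtered"/><service name="ssh"/></port>
  </ports></host>
  <host><address addr="192.0.2.20" addrtype="ipv4"/><ports>
    <port protocol="tcp" portid="4443"><state state="open"/></port>
  </ports></host>
  <host><address addr="192.0.2.77" addrtype="ipv4"/><ports>
    <port protocol="tcp" portid="25"><state state="open"/><service name="smtp"/></port>
  </ports></host>
</nmaprun>"""

def summarize(xml_text, scope):
    """Return (findings, skipped): open ports per in-scope host, and out-of-scope hosts."""
    findings, skipped = {}, []
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        addr = ipaddress.ip_address(addr_el.get("addr"))
        if addr not in scope:
            skipped.append(str(addr))  # noted, but never included in the report
            continue
        rows = []
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed and filtered ports are not findings
            svc = port.find("service")
            name = svc.get("name") if svc is not None else "unknown"
            rows.append((int(port.get("portid")), port.get("protocol"), name))
        findings[str(addr)] = sorted(rows)
    return findings, skipped

if __name__ == "__main__":
    findings, skipped = summarize(SAMPLE_XML, IN_SCOPE)
    for ip, rows in findings.items():
        for portid, proto, name in rows:
            print(f"{ip}\t{portid}/{proto}\t{name}")
    print("out of scope, not reported:", ", ".join(skipped))
```
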

  • Nice!!! I made a scan of both IPs that my teacher passed. In both cases nmap returned ports 4443 and 8080 open, and the operating system is SonicWall NSA 220. When I put the IP 179.96.XXX.XXX (first IP) or the IP 179.96.XXX.XXX (second IP) in the URL bar of my browser, the page of the SonicWall system appears, with login and password. My teacher said that the firewall protects a website and I want to know what website this firewall protects. Can I know that? – Higor Lopes Jun 06 '19 at 13:00
  • Defeating the security of a specific system is off-topic for this website. Again, if you get stuck, ask your teacher for help. It's their job to teach. –  Jun 06 '19 at 13:04
  • @MechMK1 I don't think that locating the website would require breaking any security. – schroeder Jun 06 '19 at 14:22
  • @HigorLopes when you put the IPs in the browser, did you also include the port numbers? – schroeder Jun 06 '19 at 14:22
  • 3
    @schroeder No, but port-scanning an entire ISP's IP block is already less obvious. The idea was that, if the task includes two IP addresses, the task is limited to those unless otherwise specified. –  Jun 06 '19 at 14:24
  • @schroeder Yes, when I put 179.96.150.XXX:8080 it redirects to port 4443, then the SonicWall firewall site appears. The same occurs with the other IP. – Higor Lopes Jun 06 '19 at 17:25
  • 1
    Okay, so you have some firewall. Can you find the version of it? Is that version [vulnerable](https://www.cvedetails.com/vulnerability-list/vendor_id-628/Sonicwall.html)? What information can you glean out of what you have? – vidarlo Jun 06 '19 at 18:31
  • I made a port scan and only that. My teacher said I cannot attack the firewall first; I should look for vulnerable applications that are being protected by this firewall. He said that this firewall protects a website and that this site is vulnerable. Is there a way to discover what this website is? – Higor Lopes Jun 06 '19 at 21:04