Open VPN for PEN testing

Discussion in 'Linux Networking' started by Todd, Sep 16, 2013.

  1. Todd

    Todd Guest

    Hi All,

    I have heard several folks say that they use Open VPN for human
    penetration testing.
    Reference:
    https://www.pcisecuritystandards.org/pdfs/infosupp_11_3_penetration_testing.pdf

    I apparently did not pay close enough attention. I figured that Open VPN
    would get you past the firewall and the multilayer switch. Which sounded
    right to me. Use Open VPN to create a connection to the
    computer and/or network to be tested. Then test the computer/network
    with nmap, Metasploit, etc.

    But, if I remember correctly, they also used Open VPN to try to break
    into ports. Not as a mechanism to gain access to the computer/network.

    Am I missing something? Can Open VPN actually be used as an attack
    mechanism (nmap, metasploit) to test a computer/network?

    Many thanks,
    -T
     
    Todd, Sep 16, 2013
    #1

  2. I couldn't find the term VPN within that document.
    This would only work given an OpenVPN server which you could connect to.
    It would ease penetration testing if you just deploy your OpenVPN server
    (or client connecting to your own server) and ensure it's got the
    necessary connectivity for further testing. That way you do not need to
    be on-site (but are opening the network somewhat which might be
    unwanted).
    Of course, given the appropriate setup you could use the VPN connection
    (like any other VPN connection) to try to break into other applications
    at the remote network. That's not OpenVPN specific.
    I don't think so - OpenVPN uses one UDP or TCP port for communication.
    There might be issues within the server itself which might be
    exploitable, but without a server, no connection could be made to the
    network.

    But I'm not very deep into security.

    Jamma.
     
    Jamma Tino Schwarze, Sep 17, 2013
    #2

  3. Todd

    Todd Guest

    Hi Jamma,

    The link was only to tell you what I was trying to
    learn.

    You pretty much confirmed what I thought. Thank you
    for the feedback!

    -T
     
    Todd, Sep 18, 2013
    #3