Test your system and services

simply more security

Our Hacktor is your personal pentester that can pentest all accessible assets within a network segment. The clear audit report shows how far it has penetrated into your systems and what other security gaps have been found.

Step 1

Bruteforce

As part of the bruteforce attack, the hacker attempts to gain access to your system by trying out passwords en masse.

If he is successful, he tries to penetrate deeper into the system.

Step 2

CVE scan (network)

Additionally, Hacktor now checks the software versions used to provide the services for CVEs. This applies to any service provided on a target (such as FTP, SSH, MySQL, HTTP, etc.). This is a network-side area scan for security vulnerabilities.

Step 3

Discovery of services

Regardless of whether a brute force test is successful or not, the services are tested further.

Each service is checked specifically, in an attempt to get at your data and/or take control of the system.

Get hacked by enginsight

before a criminal hacker does it

infrastructure | server | services

Bruteforce and Discovery

Enginsight’s pentest specifically checks services that are used within an IT infrastructure. The goal is to find out if a login and the transfer of rights is possible. In Discovery, further analyses are carried out with the acquired rights in order to obtain sensitive data, for example.

Services and Protocols

For protocols, Hacktor tests whether the remote user has root privileges. If this is the case, control over an attachment (Telnet), server (FTP, SSH) or e-mail (POP3, IMAP) could be gained.

Furthermore, it checks whether an anonymous or standard account can delete data, create directories or break out of the directory. If the user manages to go back in the directory structure, this would allow him to read the password of the server.

SQL databases

For SQL databases, the pentest aims to determine whether anonymous login is possible, whether the standard user has rights or privileges to create and delete databases, and whether access to system internals is possible.

NoSQL databases

MongoDB is a NoSQL database, which makes it more and more popular, especially in the big data environment.

For MongoDB, login options and the assignment of rights are also evaluated. In particular, the test covers the gap of a missing password, which often occurs in MongoDB.

Key Value Store / Message Bus

These services are very critical for the operation of the infrastructure. If an attacker manages to penetrate this area, he can take almost complete control of the system/servers. Hacktor uses the bruteforce attack to check whether access and transfer of rights are possible.

web based attacks and scans

Attack on your reputation

The website or web services are the figurehead par excellence for companies, especially in end customer business. If everything works and looks good, the customer is happy and has confidence in your company. But what if nothing works anymore, the online store goes down or the users on your website are corrupted? Then not only the turnover, but also your reputation will go down faster than you would like.

But it does not have to come to that. To protect your company from unwanted manipulation, we show you the weak points that a hacker can exploit.

web based attack

Cross-Site-Scripting

We try to smuggle malicious code into your system within a supposedly secure context.

web based attack

SQL Injection

Trying to insert database commands through the application that provides access to the database.

web based attack

File Inclusion

Embedding and execution of program code in the web server via vulnerabilities in script-based web applications.

web based attack

Command Injection

Sending system commands via web request to a server, such as a shutdown.

configurations

SSL/TLS Cipher Scan

Check your certificates to see if they use ciphers that have security vulnerabilities.

configurations

HTTP-Header

Checking of the security-relevant HTTP headers, including information on correct implementation. Protect the visitors of your website!

configurations

Sensitive Data Leak

Scan for files that reveal sensitive data about a target system (e.g. passwords, configuration data) and for database dumps that are publicly accessible.

configurations

Common Source Leaks

Determine whether the other side is disclosing information that makes the target potentially vulnerable to attack. This includes accessible config files or even logs.

the easiest pentest in the world

is your system really safe?
