Finding IP addresses

[secure_it]

Hi all,

Quick Q.

If you have a network to attack. How would you go about it? I tend to use social engineering on companies that arent so big (auditing nothing illegal). Because if they arent big they will most likely not host their own website so I couldnt take that route. What id usually do is use some buffer overflow exploit and hope some employee opens it.

So my question is. How would you go about attacking a network and finding the IP address that will get you in. Medium and small businesses usually have one router or so directing all their traffic. Not all have wireless networks either. So how would you go about it when you dont have any physical access or wireless access?

Please dont think im asking for some sort of tutorial i just wanted to know what your preffered methods are/would be.

Thanks

Tarantula78

What do you mean by attacking it.A pen-tester won't use such n00b terms.its better known as Vulnerability Assessment and Penetration testing.which can be done using
white box testing(you are aware of network infrastructure,IP Scheme,routers,switches,firewalls,IDS/IPS,HIPS in place)

black box testing(Dont have any idea of network scheme,infrastructure,kinda blind testing and simulate the real hacker penetration,more dangerous and chances of resource unavaliablity is high in network)
gray box testing(internal VA PT Testing,using social engineering)

For performing these you need to sign a Non-disclosure Legal Document between you and vendor and for that you must be having legal license for performing Pen-Testing.like thorn said C|EH,CPTS,LPT,ECSA,SANS GIAC Ethical Hacker or Offensive Security OSCP,OWSP etc.
the basic steps are
Footprinting
Reconnaissance
Scanning
Gaining entry and maintaning access
Clearing footprints

so if you know about these steps preety sure you are aware of pen-testing and VA.for getting IP there is many ways
sites like readnotify.com provides self-destruction mail service.which you can send to victim so when he will open it.you will get a notification of reading mail and will get the ip.another way is social engineering.

[thorin]

What do you mean by attacking it.A pen-tester won't use such n00b terms.its better known as Vulnerability Assessment and Penetration testing.which can be done using
white box testing(you are aware of network infrastructure,IP Scheme,routers,switches,firewalls,IDS/IPS,HIPS in place) ...

Geez pot calling the kettle black?

Along the same lines lets point out that although some valuable information was passed along, the above is probably not the best way to demonstrate professionalism.

[streaker69]

Geez pot calling the kettle black?

Along the same lines lets point out that although some valuable information was passed along, the above is probably not the best way to demonstrate professionalism.

Pretty much goes hand in hand with continually calling Windows, Winblows.