First of all, I'm danish and hence my English is not perfect, and sorry if this is posted in the wrong section.

I'm an university student and currently working on an exam project where I have to make an evaluation of resistance against penetration for a company.

The 3 main focus areas for my project is:

- 1) Poor network security
- 2) Known security vulnerabilities
- 3) Exploits of a login-system
* Numbers used as reference throughout the post.

The project is due 19th of December and I've scheduled time with the company I'm evaluating from 9th of December till 12th of December, where I'm to do the penetration testing.

I'm running Backtrack 5 r3 and I have an AirPCap wireless adapter.

My question to you guys is, which tests should I run to get the best results?.

I've already done a list of programs/methods I've thought of using:

1) As for the wireless protection I'm doing a scan with airmon/airodump to hack the WPA encrypted network. I have an OK wordlist, but will also be creating my own based on the company. If the airmon-set is wont work, I'll try others like wifi-honey, cowpatty etc.

2) To scan for known security vulnerabilities on the system I'll be using OpenVAS/Greenbone and Nessus. Think that'll be fine, but if some of you know of some other good programs or a hint for me, I'd be pleased to know.

3) On the company homepage there's a login-page for the intranet. I've created a user-list of logins I think they're using (like the initials of their e-mail, ex.: gh@company.com - I will try gh) + brute-force/dictionary attack the password. For the dictionary attack I will add/create specific words and compositions of words that would fit the company (ex.: If the company is making cars, perhaps some passwords contain names of cars etc.)
For brute-forcing/dictionary attacking I'll use hydra and the firefox plugin FireForce.
This is actually the one I'm the most concerned about. Haven't been able to find that much on brute-forcing/dictionary attacking, so help here would be appreciated.

The webserver runs Apache, haven't checked the version yet since I'm still awaiting approval from the network-manager, though I'm 100% sure he'll say yes (Made an agreement with the CEO of the company).
This means I've not done any research yet, since I need an approval (Don't want to do any illegal).

I won't be doing any social engineering or backdooring (manually planting backdoors etc.) on their system, since I wont have enough time. Perhaps planting an automatic created backdoor from metasploit just to check their anti-virus, but nothing more than that.

If you have any questions regarding this project I'd be glad to give you a link, but it's in danish so you'd probably not understand much of it.

I hope you can give me some advice on this.


Doing a security penetrating test on a company and need help with hints/tips/program advice.

Thank you in advance,

- M.