System and method for providing network penetration testing

US 8,365,289 B2
Filed: 04/14/2008
Issued: 01/29/2013
Est. Priority Date: 04/12/2007
Status: Active Grant

First Claim

Patent Images

1. A method for performing penetration testing in a network from an end-user computer, wherein the method comprises the steps of:

gathering valid email addresses from a server;

transmitting at least one determination email, wherein the determination email contains computer code, to at least one of the gathered email addresses, wherein the determination email is transmitted to a target computer associated with the at least one gathered email address, and wherein the determination email determines at least one application running on the target computer using the computer code of the determination email;

determining, by use of the determination email, at least one application running on the target computer, by the determination email containing a placeholder for content hosted in a server controlled by the penetration tester, wherein the at least one application is used to load the content in the placeholder in the target computer, thereby identifying the at least one application;

determining at least one vulnerability of the at least one determined application running on the target computer; and

generating at least one exploit for exploiting the determined at least one vulnerability of the application, thereby allowing for compromising of the target computer.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for providing network penetration testing from an end-user computer is provided. The method includes the step of determining at least one of a version of a Web browser of a target computer, contact information associated with an end-user that uses the target computer, and applications running on the target computer. The method also includes the steps of determining exploits that are associated with the running applications and that can be used to compromise the target computer, and launching the exploits to compromise the target computer. Network penetration testing may also be provided by performing the steps of determining an operating system of a target computer, selecting one of a group of modules to use in detecting services of the target computer, and detecting the services of the target computer.

Citations

13 Claims

1. A method for performing penetration testing in a network from an end-user computer, wherein the method comprises the steps of:
- gathering valid email addresses from a server;
  
  transmitting at least one determination email, wherein the determination email contains computer code, to at least one of the gathered email addresses, wherein the determination email is transmitted to a target computer associated with the at least one gathered email address, and wherein the determination email determines at least one application running on the target computer using the computer code of the determination email;
  
  determining, by use of the determination email, at least one application running on the target computer, by the determination email containing a placeholder for content hosted in a server controlled by the penetration tester, wherein the at least one application is used to load the content in the placeholder in the target computer, thereby identifying the at least one application;
  
  determining at least one vulnerability of the at least one determined application running on the target computer; and
  
  generating at least one exploit for exploiting the determined at least one vulnerability of the application, thereby allowing for compromising of the target computer.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the step of gathering valid email addresses further comprises the step of interacting with a simple mail transfer protocol (SMTP) server to detect email addresses that the SMTP server hosts.
  - 3. The method of claim 1, further comprising the step of transmitting the generated at least one exploit to the target computer to gain control over the target computer.
  - 4. The method of claim 1, further comprising the step of transmitting an email having access to the at least one exploit to the target computer to gain control over the target computer.
  - 5. The method of claim 1, further comprising the step of transmitting the generated at least one exploit to the target computer to gain control over the determined applications.
  - 6. The method of claim 1, wherein the at least one determined application is selected from the group consisting of a Web browser and an email client.

7. A system for providing network penetration testing, comprising:
- a first module implemented via hardware logic circuitry configured to gather valid email addresses from a server;
  
  a second module implemented via hardware logic circuitry configured to transmit at least one determination email containing computer code to at least one of the gathered email addresses, wherein the determination email is transmitted to a target computer associated with the at least one gathered email address, and wherein the determination email determines at least one application running on the target computer using the computer code of the determination email;
  
  a third module implemented via hardware logic circuitry configured to determine, by use of the determination email, at least one application running on the target computer, by the determination email containing a placeholder for content hosted in a server controlled by a penetration tester, wherein the at least one application is used to load the content in the placeholder in the target computer, thereby identifying the at least one application;
  
  a fourth module implemented via hardware logic circuitry configured to determine at least one vulnerability of the at least one determined application running on the target computer; and
  
  a fifth module implemented via hardware logic circuitry configured to generate at least one exploit for exploiting the determined at least one vulnerability of the application, thereby allowing for compromising of the target computer.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, further comprising a sixth module implemented via hardware logic circuitry for browsing a Web page tree, detecting email addresses on the Web page tree, and storing the detected email addresses.
  - 9. The system of claim 7, wherein the first module is configured to interact with a simple mail transfer protocol (SMTP) server to detect email addresses that the SMTP server hosts.
  - 10. The system of claim 7, further comprising a sixth module implemented via hardware logic circuitry for transmitting the generated at least one exploit to the target computer to gain control over the target computer.
  - 11. The system of claim 7, further comprising a sixth module implemented via hardware logic circuitry for transmitting an email having access to the at least one exploit to the target computer to gain control over the target computer.
  - 12. The system of claim 7, further comprising a sixth module implemented via hardware logic circuitry for transmitting the generated at least one exploit to the target computer to gain control over the determined applications.

13. A non-transitory computer readable medium having a program for providing network penetration testing within a network, the program configured to perform the steps of:
- gathering valid email addresses from a server;
  
  transmitting at least one determination email containing computer code to at least one of the gathered email addresses, wherein the determination email is transmitted to a target computer associated with the at least one gathered email address, and wherein the determination email determines at least one application running on the target computer using the computer code of the determination email;
  
  determining, by use of the determination email, at least one application running on the target computer, by the determination email containing a placeholder for content hosted in a server controlled by the penetration tester, wherein the at least one application is used to load the content in the placeholder in the target computer, thereby identifying the at least one application;
  
  determining at least one vulnerability of the at least one determined application running on the target computer; and
  
  generating at least one exploit for exploiting the determined at least one vulnerability of the application, thereby allowing for compromising of the target computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ecrime Management Strategies, Inc.
Original Assignee
Core SDI, Inc.
Inventors
Russ, Fernando Federico, Weil, Alejandro David, Eissler, Matias Ernesto, Dibar, Francisco Javier, Manrique, Hector Adrian
Primary Examiner(s)
KOSOWSKI, CAROLYN M

Application Number

US12/102,482
Publication Number

US 20080256638A1
Time in Patent Office

1,751 Days
Field of Search

726/25
US Class Current

726/25
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

H04L 63/1433 Vulnerability analysis

System and method for providing network penetration testing

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing network penetration testing

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links