Ok so by client-side attacks you're talking about social engineering, Trojans etc etc… the best way to protect against that is proper education of your staff? Oh and firewalls.
Sort of... a trojan isn't really a client-side exploit. Think more along the lines of some malicious code, maybe a buffer overflow, that exploits the user's browser or maybe a program that they use. Yes, user awareness/security training is one of the ways to safeguard against such attacks. Core Security actually has a pretty good definition on their website here.
I’m more interested in protecting against people getting in without tricking staff into opening pages/emails…
It's all dependent on what type of test you're doing. As mentioned in many other posts at this site, you'll notice that there is a lot of emphasis placed on other tactics rather than trying to get in through a firewall. If your goal is to do a full penetration test of your network/information system, then you're only doing your company a disservice by not exploring all possibilities.
On the other hand, if the objective is to get in through the Internet (minus using anything client-side for leverage), then you're certainly on the right track thus far. From your scan, it looks like you've got plenty of places to dig deeper... IIS 5, DNS, FTP, Mail. Are those web servers hosting websites? What about attacking the websites? You mentioned MITM attacks in an earlier post, does your FTP server support non-secure connections?
As previously recommended, you should probably run a scan with a vulnerability scanner (ex: Nessus). And, also as Don mentioned earlier in the thread, you should probably consider looking into a testing methodology (ex: OSSTMM).
Hope that gives you a bit more insight. Best of luck.
BillV