RE: Determining Trojans, File & Print Sharing, Services running remotely on W2K

From: Aleksander P. Czarnowski (alekc@avet.com.pl)
Date: Mon May 13 2002 - 04:37:26 EDT


> I will be performing a workstation audit on 300 W2k
> workstations across the network.
> I need to scan to see:
> 2. Whether shares are activated on these hosts.
You can use winfingerprint (http://www.datanerds.net/~vacuum/); it also
lets you enumerate services and a lot of other useful NT stuff, and do port
scanning (I haven't tested the latest version, but previous ones had some
problems). On a large network it could be slow. Also, it depends on the Win32
API, so it is possible that some NT machines, after hardening, will not
allow enumeration of shares or services, or remote registry access. So some
machines you will need to check locally, not remotely.
> steps? I will be scanning for workstations within a
> specific IP range.
You can also try nmap (there is a binary version on the eEye site) just to
do port scanning and remote host OS detection. Winfingerprint will only
try to guess the Windows OS type through SMB queries.
Other handy tools come with NT/2000, like nbtstat or rpcinfo (it's from the
Resource Kit, but you can download it from the MS site for free).
You can also try Microsoft Baseline Security Analyzer and hfnetchk -
they can audit a remote host, but only if the desired access level and
configuration criteria are met.
> For Trojan Scanning I have seen tools like TFAK. But I am
> not sure how good it is and I know it can't be run on a
TFAK is no longer maintained, I believe.
Best Regards,
Aleksander Czarnowski
AVET INS

PS: winfingerprint can scan a block of IP addresses
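
An added example, not part of the original message: one way to turn saved `nbtstat -A <ip>` output into a per-host audit result for the file and print sharing question. NetBIOS suffix `<20>` registered as UNIQUE is the Server service; a host that returns no name table lands in the "check locally" bucket the reply describes. The function names, addresses and sample output are constructed for illustration.

```python
import re

# One NetBIOS name-table row: name, <hex suffix>, UNIQUE/GROUP, status.
ROW = re.compile(r"^\s*(\S.*?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)", re.M)

def classify(nbtstat_output):
    """Return 'sharing-on', 'sharing-off' or 'check-locally' for one host."""
    rows = ROW.findall(nbtstat_output)
    if not rows:
        # No name table came back (filtered, hardened or offline host),
        # so the remote query proves nothing either way.
        return "check-locally"
    for _name, suffix, kind, status in rows:
        # Suffix <20> UNIQUE is the Server (file and print sharing) service.
        if suffix == "20" and kind == "UNIQUE" and status == "Registered":
            return "sharing-on"
    return "sharing-off"

def audit(outputs):
    """Map {ip: nbtstat text} to {ip: classification}, ordered by address text."""
    return {ip: classify(text) for ip, text in sorted(outputs.items())}

# Constructed sample output for three hypothetical workstations.
SAMPLE = {
    "192.0.2.11": """
       Name               Type         Status
    ---------------------------------------------
    WS011          <00>  UNIQUE      Registered
    EXAMPLE        <00>  GROUP       Registered
    WS011          <20>  UNIQUE      Registered
""",
    "192.0.2.12": """
       Name               Type         Status
    ---------------------------------------------
    WS012          <00>  UNIQUE      Registered
    EXAMPLE        <00>  GROUP       Registered
""",
    "192.0.2.13": "    Host not found.\n",
}

if __name__ == "__main__":
    for ip, result in audit(SAMPLE).items():
        print(ip, result)
```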
