Re: Info collection

From: H Carvey (keydet89@yahoo.com)
Date: Fri Aug 06 2004 - 06:37:43 EDT


In-Reply-To: <EDF30175FE4D804B83444FB153172A5020120F@louexch.KiZAN.net>

>I am attempting to refine my methods of evaluating servers and am
>wondering what information you all gather during an assessment on
>various platforms. These would be run on the target machines with
>privileged accounts (root or administrator). They should be scriptable
>& statically compiled or at least not have any unusual dependencies.

Good luck w/ getting statically compiled tools on Windows!

>Examples:
>Fport

I'd also consider openports.exe from DiamondCS.com.au.

>Portqryv2

Good one. Add nmap.

>LADS
>Dumpwin
>Lsof
>Netstat -an / -ln

On XP/2K3, netstat -ano

>Tiger
>Hfnetchk
>Msinfo32
>Winmsd

I guess from here on out, it depends on what you're looking for. My book, Windows Forensics and Incident Recovery (http://www.windows-ir.com), lists a good number of tools you might consider using, particularly if you're interested in getting process and Registry info as well from Windows boxes. In fact, the Forensic Server Project framework may be something useful for you.
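
Added example, not part of the original message: the -o switch in "netstat -ano" appends the owning PID to each row, so a collection script can tie every listening port to a process. The Python sketch below parses that output; the sample text and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of `netstat -ano` output; not taken from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1720
  TCP    10.1.1.5:139           0.0.0.0:0              LISTENING       4
  TCP    10.1.1.5:1042          10.1.1.9:80            ESTABLISHED     1388
  UDP    0.0.0.0:445            *:*                                    4
  UDP    10.1.1.5:123           *:*                                    996
"""

def parse_netstat_ano(text):
    """Return one dict per socket row; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue
        if f[0] == "TCP" and len(f) == 5:
            proto, local, remote, state, pid = f
        elif f[0] == "UDP" and len(f) == 4:
            proto, local, remote, pid = f
            state = ""  # UDP rows have no State column
        else:
            continue  # unexpected layout: skip rather than guess
        addr, _, port = local.rpartition(":")  # split on the last colon
        if not (port.isdigit() and pid.isdigit()):
            continue
        rows.append({"proto": proto, "addr": addr, "port": int(port),
                     "remote": remote, "state": state, "pid": int(pid)})
    return rows

def listeners_by_pid(rows):
    """Map PID -> sorted (proto, port) pairs for listening TCP and bound UDP."""
    out = defaultdict(set)
    for r in rows:
        if r["state"] == "LISTENING" or r["proto"] == "UDP":
            out[r["pid"]].add((r["proto"], r["port"]))
    return {pid: sorted(ports) for pid, ports in out.items()}

if __name__ == "__main__":
    for pid, ports in sorted(listeners_by_pid(parse_netstat_ano(SAMPLE)).items()):
        print(pid, ports)
```

On a live system, feed the function the captured output of "netstat -ano" instead of SAMPLE and compare the resulting PID list against the host's process listing.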



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:58 EDT