RE: Info collection

From: Jeff Gercken (JeffG@kizan.com)
Date: Mon Aug 09 2004 - 14:21:33 EDT


What I'm looking for are utilities that collect useful information on
running production devices in the early stages of an eval. They need to
be scriptable (i.e. command line) and should not have any installed
components. The idea is that they can be executed remotely using shell
scripts, psexec, or rolled into an msi package.

I'm not looking for attack or external probing tools, and yes I am well
aware of nmap and what it does. The idea is that once you know
precisely what the target is you can tailor the network discovery/attack
tools to it. Why play the service guessing game w/ headers &
fingerprints when you could just find out first hand? Saves you effort
& the customer $$. In my opinion, the days of black box pen testing are
over. By starting on the box and working outward you can evaluate the
successive layers of security providing for a systematic and
comprehensive evaluation.

Anyhow that's my $.02
-jeff
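Added example (mine, not from anyone in the thread): a POSIX sh collector in the spirit of the approach above. It runs on the box itself as root with nothing installed (only sh, awk, sort and the host's own netstat), records what is actually listening and which process owns each socket, and turns that into a port list the follow-up scan can be tailored to. The netstat -lnp column layout is the Linux net-tools one and the embedded sample output is constructed; on BSD or Solaris the columns differ and lsof -i -nP is the substitute.

```shell
#!/bin/sh
# Added example, not from the original thread: a host-side collector in
# the spirit of Jeff's approach. Run on the target as root; it needs only
# POSIX sh, awk, sort and the netstat already on the box (no installed
# components), so it can be pushed over ssh or wrapped in a shell script.
#
# Assumptions: Linux net-tools `netstat -lnp` output format (BSD/Solaris
# netstat print different columns; `lsof -i -nP` is the fallback there).

# Constructed sample of `netstat -lnp` output so the parser runs offline.
# The last udp line has "-" in PID/Program, which is what a non-root run
# produces for sockets owned by other users.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1045/mysqld
tcp6       0      0 :::80                   :::*                    LISTEN      990/apache2
udp        0      0 0.0.0.0:123             0.0.0.0:*                           655/ntpd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           -'

# collect_live: emit netstat -lnp from the running host, or fail loudly.
collect_live() {
  if command -v netstat >/dev/null 2>&1; then
    netstat -lnp 2>/dev/null
  else
    echo "netstat not found; feed saved netstat -lnp output instead" >&2
    return 1
  fi
}

# parse_listeners: netstat text on stdin -> one tab-separated record per
# listening socket:  proto  bind_addr  port  pid  program
# tcp lines carry a State column and udp lines do not, so PID/Program is
# taken as the last field rather than a fixed column number.
parse_listeners() {
  awk '
    $1 ~ /^(tcp|tcp6|udp|udp6)$/ {
      proto = $1
      laddr = $4
      n = split(laddr, parts, ":")
      port = parts[n]
      addr = substr(laddr, 1, length(laddr) - length(port) - 1)
      pid = "-"; prog = "-"
      if ($NF != "-") { split($NF, pp, "/"); pid = pp[1]; prog = pp[2] }
      printf "%s\t%s\t%s\t%s\t%s\n", proto, addr, port, pid, prog
    }'
}

# nmap_port_spec: parsed records on stdin -> a port list in nmap -p
# syntax (T: for tcp, U: for udp) so the follow-up scan covers exactly
# what the host listens on instead of guessing from banners.
nmap_port_spec() {
  data=$(cat)
  tcp=$(printf '%s\n' "$data" | awk 'BEGIN{FS="\t"} $1 ~ /^tcp/ {print $3}' \
        | sort -n -u | tr '\n' ',' | sed 's/,$//')
  udp=$(printf '%s\n' "$data" | awk 'BEGIN{FS="\t"} $1 ~ /^udp/ {print $3}' \
        | sort -n -u | tr '\n' ',' | sed 's/,$//')
  spec=""
  [ -n "$tcp" ] && spec="T:$tcp"
  [ -n "$udp" ] && spec="${spec:+$spec,}U:$udp"
  printf '%s\n' "$spec"
}

# Usage: `sh collect.sh` parses the embedded sample; `sh collect.sh live`
# runs against the host it is executed on.
if [ "${1:-}" = "live" ]; then
  recs=$(collect_live | parse_listeners)
else
  recs=$(printf '%s\n' "$SAMPLE_NETSTAT" | parse_listeners)
fi
printf '%s\n' "$recs"
printf 'nmap -p %s <host>\n' "$(printf '%s\n' "$recs" | nmap_port_spec)"
```

Run it with no arguments to exercise the embedded sample, or with "live" to use the host's own netstat. Root is needed for the PID/Program column to be filled in; the "-" rows in the sample show what an unprivileged run gives you, which is exactly the information the post wants to have before any external probing starts.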

-----Original Message-----
From: Michael Shirk [mailto:shirkdog@cryptomail.org]
Sent: Friday, August 06, 2004 8:00 AM
To: pen-test@securityfocus.com
Subject: RE: Info collection

There are a lot of other tools. You seem to be speaking of Windows and
*nix.
For Windows, I would add TCPView from Sysinternals, which is a GUI
real-time traffic monitor for ports and processes.
Also, just use PHLAK or AUDITOR bootable Linux distros, designed for
security and forensics, to work with Windows and *nix.
Sleuthkit, along with Autopsy, is available on PHLAK, or just search Google
and try it out.
-----Original Message-----
From: JeffG@kizan.com [mailto:JeffG@kizan.com]
Sent: Wednesday, August 04, 2004 11:02 AM
To: pen-test@securityfocus.com
Subject: Info collection
Importance: Low
I am attempting to refine my methods of evaluating servers and am
wondering what information you all gather during an assessment on
various platforms. These would be run on the target machines with
privileged accounts (root or administrator). They should be scriptable
& statically compiled or at least not have any unusual dependencies.
Examples:
Fport
Portqryv2
LADS
Dumpwin
Lsof
Netstat -an / -ln
Tiger
Hfnetchk
Msinfo32
Winmsd




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:58 EDT