Penetration Testing mailing list archives

RE: Determining Trojans, File & Print Sharing, Services running remotely on W2K


From: "Scott, Joshua" <Joshua.Scott () Jacobs com>
Date: Fri, 10 May 2002 09:23:13 -0700

Try using the Nessus scanner and only scan for known Trojans.  This will at
least give you a list of any known Trojans that are running.

Joshua Scott
Security Systems Analyst
626-568-7024


-----Original Message-----
From: Jason [mailto:cisspstudy () yahoo com] 
Sent: Thursday, May 09, 2002 4:03 PM
To: pen-test () securityfocus com
Subject: Determining Trojans, File & Print Sharing, Services running
remotely on W2K




I will be performing a workstation audit on 300 W2k 
workstations across the network.

I need to scan to see:
1. If there are any trojans running on these hosts.
2. Whether shares are activated on these hosts.
3. Whether anti-virus is installed.

I will have domain administrator rights and all 
workstations are in the Windows NT 4.0 domain.

What tools do people recommend for performing each of these 
steps? I will be scanning for workstations within a 
specific IP range.

For Trojan Scanning I have seen tools like TFAK. But I am 
not sure how good it is and I know it can't be run on a 
block of IPs.

For determining whether shares are activated maybe I could 
use something like Legion?

For determining whether anti-virus is installed I need a 
tool that can dump a list of services running on a remote 
host for a block of IP addresses.

Any help appreciated.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

