Penetration Testing mailing list archives

Re: Info collection


From: H Carvey <keydet89 () yahoo com>
Date: 6 Aug 2004 10:37:43 -0000

In-Reply-To: <EDF30175FE4D804B83444FB153172A5020120F () louexch KiZAN net>

I am attempting to refine my methods of evaluating servers and am
wondering what information you all gather during an assessment on
various platforms.  These would be run on the target machines with
privileged accounts (root or administrator).  They should be scriptable
& statically compiled or at least not have any unusual dependencies.

Good luck w/ getting statically compiled tools on Windows!

Examples:
Fport

I'd also consider openports.exe from DiamondCS.com.au.

Portqryv2

Good one.  Add nmap.

LADS
Dumpwin
Lsof
Netstat -an / -ln

On XP/2K3, netstat -ano

Tiger
Hfnetchk
Msinfo32
Winmsd

I guess from here on out, it depends on what you're looking for.  My book, Windows Forensics and Incident Recovery 
(http://www.windows-ir.com), lists a good number of tools you might consider using, particularly if you're interested 
in getting process and Registry info as well from Windows boxes.  In fact, the Forensic Server Project framework may be 
something useful for you.
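
The PID column that `netstat -ano` adds, mentioned above, is what ties an open port to its owning process. As an added example (not part of the original post or of any tool named in it), this Python sketch parses saved `netstat -ano` output and groups open ports by PID; the sample text and both function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the `netstat -ano` column layout; not from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1045      192.168.1.20:445       ESTABLISHED     4
  TCP    [::]:135               [::]:0                 LISTENING       884
  UDP    0.0.0.0:445            *:*                                    4
  UDP    127.0.0.1:1900         *:*                                    1120
"""

def parse_netstat_ano(text):
    """Return one dict per socket row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue
        # TCP rows have 5 fields; UDP rows have no State column, so only 4.
        if f[0] == "TCP" and len(f) == 5:
            proto, local, _remote, state, pid = f
        elif f[0] == "UDP" and len(f) == 4:
            proto, local, _remote, pid = f
            state = ""
        else:
            continue  # truncated or unexpected row
        addr, _, port = local.rpartition(":")  # keeps "[::]" intact for IPv6
        if not (pid.isdigit() and port.isdigit()):
            continue
        rows.append({"proto": proto, "addr": addr, "port": int(port),
                     "state": state, "pid": int(pid)})
    return rows

def open_ports_by_pid(rows):
    """Map PID -> sorted (proto, port) pairs that accept inbound traffic."""
    result = defaultdict(set)
    for r in rows:
        # UDP has no LISTENING state; every bound UDP socket counts as open.
        if r["proto"] == "UDP" or r["state"] == "LISTENING":
            result[r["pid"]].add((r["proto"], r["port"]))
    return {pid: sorted(ports) for pid, ports in result.items()}

if __name__ == "__main__":
    for pid, ports in sorted(open_ports_by_pid(parse_netstat_ano(SAMPLE)).items()):
        print(pid, ports)
```

The resulting PIDs can then be matched against a process listing collected in the same run.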

