Penetration Testing mailing list archives
Re: Info collection
From: H Carvey <keydet89 () yahoo com>
Date: 6 Aug 2004 10:37:43 -0000
In-Reply-To: <EDF30175FE4D804B83444FB153172A5020120F () louexch KiZAN net>
I am attempting to refine my methods of evaluating servers and am wondering what information you all gather during an assessment on various platforms. These would be run on the target machines with privileged accounts (root or administrator). They should be scriptable & statically compiled or at least not have any unusual dependencies.
Good luck w/ getting statically compiled tools on Windows!
Examples: Fport
I'd also consider openports.exe from DiamondCS.com.au.
Portqryv2
Good one. Add nmap.
LADS Dumpwin Lsof Netstat -an / -ln
On XP/2K3, netstat -ano
Tiger Hfnetchk Msinfo32 Winmsd
I guess from here on out, it depends on what you're looking for. My book, Windows Forensics and Incident Recovery (http://www.windows-ir.com), lists a good number of tools you might consider using, particularly if you're interested in getting process and Registry info as well from Windows boxes. In fact, the Forensic Server Project framework may be something useful for you.
Current thread:
- Info collection Jeff Gercken (Aug 05)
- RE: Info collection Israel Torres (Aug 09)
- Re: Info collection Ali-Reza Anghaie (Aug 09)
- <Possible follow-ups>
- Re: Info collection H Carvey (Aug 09)
- RE: Info collection Michael Shirk (Aug 09)
- RE: Info collection Petr . Kazil (Aug 10)
- RE: Info collection Jeff Gercken (Aug 09)
- RE: Info collection Frank Knobbe (Aug 10)
- Re: Info collection Martin Mačok (Aug 11)
- RE: Info collection Frank Knobbe (Aug 10)
- Re: Info collection H Carvey (Aug 10)
- RE: Info collection Jack Cullen (Aug 11)
- Re: Info collection H Carvey (Aug 12)