Penetration Testing mailing list archives

Re: Info collection

From: Ali-Reza Anghaie <ali () packetknife com>
Date: Thu, 05 Aug 2004 22:57:08 -0400

On Wed, 2004-08-04 at 11:01, Jeff Gercken wrote:

I am attempting to refine my methods of evaluating servers and am
wondering what information you all gather during an assessment on
various platforms.  These would be run on the target machines with
privileged accounts (root or administrator).  They should be scriptable
& statically compiled or at least not have any unusual dependencies.

Examples:
Fport
Portqryv2
LADS
Dumpwin
Lsof
Netstat -an / -ln
Tiger
Hfnetchk
Msinfo32
Winmsd


It looks like you have a mix of platforms in the commands above. How
about other items (mixed platforms again) like:

MS Baseline Security Analyser
rpm -V (or other package integrity checkers)
find -perm (sticky bit, sgid, etc.)
tripwire
inzider
dumpsec (from hyena)
crontab information
startup/rc.d

*shrug* Depends on what you're trying to accomplish and log.

Cheers, -Ali

--
OpenPGP Key: 030E44E6
--
Was I helpful?: http://svcs.affero.net/rm.php?r=packetknife
--
May you do Good Magic with Perl. -- Larry Wall

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

Info collection Jeff Gercken (Aug 05)
- RE: Info collection Israel Torres (Aug 09)
- Re: Info collection Ali-Reza Anghaie (Aug 09)
- <Possible follow-ups>
- Re: Info collection H Carvey (Aug 09)
- RE: Info collection Michael Shirk (Aug 09)
  - RE: Info collection Petr . Kazil (Aug 10)
- RE: Info collection Jeff Gercken (Aug 09)
  - RE: Info collection Frank Knobbe (Aug 10)
    - Re: Info collection Martin Mačok (Aug 11)
- Re: Info collection H Carvey (Aug 10)
- RE: Info collection Jack Cullen (Aug 11)
- Re: Info collection H Carvey (Aug 12)