Penetration Testing mailing list archives
Re: Enumeration of NAT'ed computer names
From: Tim <tim-pentest () sentinelchicken org>
Date: Tue, 17 Jan 2006 19:08:33 -0500
I have a need to enumerate computer names i.e. \\elvis and \\winbox in a SOHO NAT'ed network. The basic idea here is that \\elvis was used to commit a crime, but in order to tie \\elvis the offender, I have to prove that \\elvis exists on the network. Caveat: I have to do it legally, and I can't actively penetrate the network to enumerate the names. Any ideas would be greatly appreciated.
I have no idea if this will work, but it seems like you might be able to sniff some goodies like this if you can lure a user to a website of your making. You could place a link/image/stylesheet/etc on that page which points to a URL in UNC format (eg "\\EVIL_IP\file"). I've heard before that you can convince Windows to send you password hashes to your systems this way in certain situations, but not sure it'll send you what you seek. good luck, tim ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Enumeration of NAT'ed computer names flightofpenguins (Jan 16)
- Re: Enumeration of NAT'ed computer names Byron Sonne (Jan 18)
- Re: Enumeration of NAT'ed computer names Tim (Jan 18)
- <Possible follow-ups>
- Re: Enumeration of NAT'ed computer names insecure (Jan 17)
- Re: Enumeration of NAT'ed computer names Technica Forensis (Jan 18)
- Re: Enumeration of NAT'ed computer names Kurt Keys (Jan 18)