Penetration Testing mailing list archives
Re: Profiling a Networks Infrastructure
From: "Adriel T. Desautels" <ad_lists () netragard com>
Date: Wed, 24 Jun 2009 09:06:34 -0400
Just as an aside, you should take a look at maltego and some of the custom transforms that you can create with it. We've got it tied into nmap, nessus, and a bunch of other transforms that prove to be very useful.
On Jun 22, 2009, at 8:57 PM, Paul Melson wrote:
On Mon, Jun 22, 2009 at 11:18 AM, pma111<pmaneedham () hotmail com> wrote:Is there a specific tool or procedure you use when you want to "profile" a specific network. Namely, I would like to see what options somebody coulduse to identify every internal Oracle Database / Database Server thatresides on the Network. Could this be done without tools by some kind of command line instruction, or would it require software installing on the network. Or is it no way near as simplistic as this, and even a user sat inside the network would need access to network documentation / diagrams etcto identify a full list of all internal Oracle DB's / DB Servers.It totally depends on 1) the specifics of the network and 2) what your expectations are for a "profile." The specific example you give can be done easy enough with a tool like nmap using the -sV flag. If you have local access to the server, commands like netstat and lsof can be used to find listening network ports, and in some cases tie them back to running processes. But from the network side, a port scanner like nmap that can also perform service/banner identification is the easiest place to start from. PaulM ------------------------------------------------------------------------This list is sponsored by: Information Assurance Certification Review BoardProve to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.http://www.iacertification.org ------------------------------------------------------------------------
Adriel T. Desautels ad_lists () netragard com -------------------------------------- Subscribe to our blog http://snosoft.blogspot.com ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review BoardProve to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Profiling a Networks Infrastructure pma111 (Jun 22)
- Re: Profiling a Networks Infrastructure pand0ra (Jun 24)
- Re: Profiling a Networks Infrastructure Paul Melson (Jun 24)
- Re: Profiling a Networks Infrastructure Adriel T. Desautels (Jun 24)
- Re: Profiling a Networks Infrastructure Muhammad Farooq-i-Azam (Jun 24)
- [Suspected Spam]RE: Profiling a Networks Infrastructure Syed Khaden (Jun 26)
- Re: Profiling a Networks Infrastructure Phil Young (Jun 24)
- RE: Profiling a Networks Infrastructure Tom Farrar (Jun 24)
- <Possible follow-ups>
- Re: Profiling a Networks Infrastructure lidlosesauge (Jun 26)