Penetration Testing mailing list archives

Re: Profiling a Networks Infrastructure


From: "Adriel T. Desautels" <ad_lists () netragard com>
Date: Wed, 24 Jun 2009 09:06:34 -0400

Just as an aside, you should take a look at Maltego and some of the custom transforms that you can create with it. We've got it tied into nmap, Nessus, and a bunch of other transforms that prove to be very useful.


On Jun 22, 2009, at 8:57 PM, Paul Melson wrote:

On Mon, Jun 22, 2009 at 11:18 AM, pma111 <pmaneedham () hotmail com> wrote:
Is there a specific tool or procedure you use when you want to "profile" a specific network? Namely, I would like to see what options somebody could use to identify every internal Oracle Database / Database Server that resides on the network. Could this be done without tools by some kind of command-line instruction, or would it require software installing on the network? Or is it nowhere near as simplistic as this, and even a user sat inside the network would need access to network documentation / diagrams etc. to identify a full list of all internal Oracle DBs / DB servers?

It totally depends on 1) the specifics of the network and 2) what your
expectations are for a "profile." The specific example you give can
be done easily enough with a tool like nmap using the -sV flag. If you
have local access to the server, commands like netstat and lsof can be
used to find listening network ports, and in some cases tie them back
to running processes. But from the network side, a port scanner like
nmap that can also perform service/banner identification is the
easiest place to start from.

PaulM

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------




        Adriel T. Desautels
        ad_lists () netragard com
        --------------------------------------

        Subscribe to our blog
        http://snosoft.blogspot.com



