Penetration Testing mailing list archives
Re: Mapping a network
From: Lee <ler762 () gmail com>
Date: Thu, 17 Sep 2009 19:52:18 -0400
On 9/15/09, Zack Payton <zpayton () gmail com> wrote:
If you don't have community strings, just throw some CDP packets on the wire and wait for the auto discovery algorithm of the respective NMS to give it to you..
Very nice idea. counter: SNMP string just for the NMS, access list allowing just the NMS to use that string and uRPF enabled on all user subnets
For bonus points, pretend to be a router router and get the write community strings when the NMS attempts to backup the config at midnight.
Has that actually worked for you!? counter: except or scp instead of snmp to get the configs Lee ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Mapping a network arvind doraiswamy (Sep 14)
- Re: Mapping a network Kurt Buff (Sep 15)
- Re: Mapping a network Zack Payton (Sep 17)
- Re: Mapping a network Lee (Sep 22)
- Re: Mapping a network Zack Payton (Sep 22)
- Re: Mapping a network Lee (Sep 22)
- Re: Mapping a network Zack Payton (Sep 22)
- Re: Mapping a network Lee (Sep 22)
- Re: Mapping a network Chris Brenton (Sep 23)
- Re: Mapping a network Zack Payton (Sep 23)
- RE: Mapping a network David_Falloon (Sep 24)
- Re: Mapping a network Elizabeth Greene (Sep 23)
- Re: Mapping a network Zack Payton (Sep 17)
- Re: Mapping a network Kurt Buff (Sep 15)