Penetration Testing mailing list archives
RE: Mapping a network
From: <David_Falloon () kaltire com>
Date: Wed, 23 Sep 2009 14:06:43 -0700
Don't forget mdns queries/mdns poisoning, one multicast packet can be an avalanche of information. --Dave
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Zack Payton Sent: Tuesday, September 22, 2009 7:09 PM To: Lee Cc: pen-test () securityfocus com Subject: Re: Mapping a network DNS cache poisoning or wpad attacks Sent from my iPhone On Sep 22, 2009, at 4:04 PM, Lee <ler762 () gmail com> wrote:On 9/22/09, Zack Payton <zpayton () gmail com> wrote:Forget about scapy or the cisco perl scripts. Usedynamips and getyour own virtual router running on their network. But if passive interface is enabled, you're pretty screwedattemptingroute injection from that vantage point in the network.Which is what I thought, but I was wondering if I was missing something..I would probably resort to arp spoofing to client sidebrowser pwnageand trying to escalate that way.DHCP snooping is enabled, so that seems to kill any arp spoofing tricks. Trunking is disabled on all the switch ports, so that seems to kill any vlan hopping tricks. ... maybe if I offer someone a chocolate bar for their password :) Thanks, Lee-------------------------------------------------------------- ---------- This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org -------------------------------------------------------------- ----------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Mapping a network arvind doraiswamy (Sep 14)
- Re: Mapping a network Kurt Buff (Sep 15)
- Re: Mapping a network Zack Payton (Sep 17)
- Re: Mapping a network Lee (Sep 22)
- Re: Mapping a network Zack Payton (Sep 22)
- Re: Mapping a network Lee (Sep 22)
- Re: Mapping a network Zack Payton (Sep 22)
- Re: Mapping a network Lee (Sep 22)
- Re: Mapping a network Chris Brenton (Sep 23)
- Re: Mapping a network Zack Payton (Sep 23)
- RE: Mapping a network David_Falloon (Sep 24)
- Re: Mapping a network Elizabeth Greene (Sep 23)
- Re: Mapping a network Zack Payton (Sep 17)
- Re: Mapping a network Kurt Buff (Sep 15)