Re: Host discovery

[Oliver Kindernay <oliver.kindernay () gmail com>]

Thanks, but I am still searching for some other methods than sending
email to employers. I think this situation occurs in most of smallest
companies, so there isn't any other method?

2010/2/23 Ron Yount <rony () co island wa us>:
> Embeded pictures in the email may work.  It could even be extended to find
> out individual workstation Ip's if each person linked to a different
> pictures. Then check the logs to see which pictures were opened.
>
> RY
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
> Behalf Of Oliver Kindernay
> Sent: Tuesday, February 23, 2010 11:25 AM
> To: pen-test () securityfocus com
> Subject: Re: Host discovery
>
> Yes but when company use webhosting's mail server this won't work.
>
> 2010/2/23 Andrew MacPherson <andrewmohawk () gmail com>:
> > You could always look at simply sending a bounce mail, ie, mailing
> > thisaddressdoesntexist () organisation com, and then review the headers,
> often
> > mail servers will leak information especially if they are serving to an
> > internal environment.
> >
> > -AM
> >
> > On Tue, Feb 23, 2010 at 1:27 AM, Oliver Kindernay
> > <oliver.kindernay () gmail com> wrote:
> > > Hi,
> > >
> > > Let's imagine this situation. Some small company has internal network
> > > with some servers directly connected to the internet. Company's web is
> > > on the webhosintg. How can attacker now identify company's systems? I
> > > thought about something like sending email to employee with link to
> > > website which will log an ip address and hope employee will click on
> > > that link in work. But what are some more passive methods for this?
> > >
> > > ------------------------------------------------------------------------
> > > This list is sponsored by: Information Assurance Certification Review
> > > Board
> > >
> > > Prove to peers and potential employers without a doubt that you can
> > > actually do a proper penetration test. IACRB CPT and CEPT certs require a
> > > full practical examination in order to become certified.
> > >
> > > http://www.iacertification.org
> > > ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually
> do a proper penetration test. IACRB CPT and CEPT certs require a full
> practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------