Penetration Testing mailing list archives
Re: Determining Trojans, File & Print Sharing, Services running remotely on W2K
From: Eric <ews () tellurian net>
Date: Mon, 13 May 2002 12:22:34 -0700
I wrote a script that does most of this - it's very easy to customize to add additional checks:
(it doesn't check specifically for AV - but you could add a module on this, or review the running processes or services on the system, which is included in the output.)
http://online.securityfocus.com/data/tools/nt_audit_script12.zip (thanks to Patrick Heim who wrote portions of this script) At 11:03 PM 5/9/2002 +0000, Jason wrote:
I will be performing a workstation audit on 300 W2k workstations across the network. I need to scan to see: 1. If there are any trojans running on these hosts. 2. Whether shares are activated on these hosts. 3. Whether anti-virus is installed. I will have domain administrator rights and all workstations are in the windows NT 4.0 domain. What tools do people recommend for performing each of these steps? I will be scanning for workstations within a specific IP range. For Trojan Scanning I have seen tools like TFAK. But I am not sure how good it is and I know it can't be run on a block of IP's. For determining whether shares are activated maybe I could use something like Legion ? For determining whether anti-virus is installed I need a tool that can dump a list of services running on a remote host for a block of IP addresses. Any help appreciated. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Determining Trojans, File & Print Sharing, Services running remotely on W2K Jason (May 10)
- RE: Determining Trojans, File & Print Sharing, Services running remotely on W2K Chris Shutters (May 13)
- Re: Determining Trojans, File & Print Sharing, Services running remotely on W2K Eric (May 13)