Penetration Testing mailing list archives

Re: Topology discover


From: "Laurent Constantin" <infos () aql fr>
Date: Fri, 23 Sep 2005 17:39:42 +0200


Hello,

I am currently performing a pen-test in the internal network of a company.
I am used to pen-testing systems and the set of applications they
support, looking for vulnerabilities in software version, logic or
misconfiguration.
I have also considered routing and protocol attacks such as ARP spoofing and
RIP packet injection.
But I think I am missing some techniques to find out what the topology
is. [...]

There is a tool in my toolbox, netwox, which can help you:
  http://www.laurentconstantin.com/en/netw/

Tool 214 does several traceroutes to a range of computers:
 - TCP traceroute to port 21
 - TCP traceroute to port 22
 - TCP etc.
 - UDP traceroute to port 53
 - UDP etc.
 - ICMP traceroute
Then, a text graph, representing each computer, is drawn. This is not very
nice, but very useful.

For example:
  netwox 214 --ips "192.168.1.0/24" --tcpports \
    "21,22,23,25,53,79,80,88,110,113,119,139,143,389,443,445,1080,2401,6000" \
    --udpports "1,53,67,68,123,137,138,161,162,177,514" --icmp --min-ttl 4 \
    --max-ttl 7 --max-ms 300 --resolve --verbose

Just to be clear, this tool only discovers computers, and does not search
for any vulnerabilities.

Regards,
Laurent Constantin
--
+--------+ Vigil@nce, vulnerabilities tracking +---------+
| http://vigilance.aql.fr/           tel: 02 99 12 50 00 |
| vigilance () aql fr                   fax: 02 99 63 70 40 |
+-------------------+ Personal website +-----------------+
| http://www.laurentconstantin.com/  (main server)       |
| http://go.to/laurentconstantin/    (first mirror)      |
+--------------------------------------------------------+
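
An added example, not part of the original post and not netwox's own code: one way to merge the hop lists from several traceroute probes per destination into a single text graph, so that a hop silent to one protocol is filled in by another. The sample results and all function names are constructed, and the sketch assumes every probe toward one destination follows the same path.

```python
# Constructed sample: (destination, probe, hops seen from the first TTL onward).
# None marks a TTL slot where nothing answered before the timeout.
SAMPLE = [
    ("192.168.1.10", "tcp/22", ["10.0.0.1", "10.0.1.1", "192.168.1.10"]),
    ("192.168.1.10", "icmp",   ["10.0.0.1", "10.0.1.1", "192.168.1.10"]),
    ("192.168.1.20", "tcp/80", ["10.0.0.1", None, "192.168.1.20"]),
    ("192.168.1.20", "udp/53", ["10.0.0.1", "10.0.1.1", None]),
    ("192.168.1.30", "icmp",   ["10.0.0.1", "10.0.2.1", "192.168.1.30"]),
]

def merge_paths(results):
    """Per destination, keep for each TTL slot the first address any probe saw."""
    merged = {}
    for dest, _probe, hops in results:
        path = merged.setdefault(dest, [])
        for i, hop in enumerate(hops):
            if i == len(path):
                path.append(hop)        # first probe to report this slot
            elif path[i] is None:
                path[i] = hop           # another protocol got an answer here
    return merged

def build_tree(merged):
    """Nested dict keyed by hop address; slots still unanswered become '?'.
    Note: '?' nodes under one parent collapse, even if they are distinct routers."""
    tree = {}
    for dest in sorted(merged):
        node = tree
        for hop in merged[dest]:
            node = node.setdefault(hop or "?", {})
    return tree

def render(tree, prefix=""):
    """Return the tree as a list of text-graph lines."""
    lines = []
    items = list(tree.items())
    for n, (addr, children) in enumerate(items):
        last = n == len(items) - 1
        lines.append(prefix + ("`-- " if last else "|-- ") + addr)
        lines.extend(render(children, prefix + ("    " if last else "|   ")))
    return lines

if __name__ == "__main__":
    print("\n".join(render(build_tree(merge_paths(SAMPLE)))))
```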
