From: easternerd (easternerd@gmx.net)
Date: Tue Jul 20 2004 - 13:33:41 EDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi
If you get a shell on the remote machine then you can probably use
Psexec to do an ipconfig and find out the internal network
range/subnet.
There are many scenarios and methods in variance. It all depends on
what sort of access method is being employed and which stage of the
penetration you are in currently.
Email Correspondence :
easternerd@gmx.net
easternerd@eml.cc
Website :
http://www.cryptography.tk
http://www.securityrisk.org
- -----Original Message-----
From: il.prof@virgilio.it [mailto:il.prof@virgilio.it]
Sent: Thursday, July 15, 2004 1:47 PM
To: pen-test@securityfocus.com
Subject: Find out the subnetting of a company
During an internal black-box penetration test, from a subnet of a
company (with or without DHCP), how do you find out the structure of
the other subnets of network? In particular, how do you
determine/discover the subnetting of the IP space of a company?
An example:
- - IP network of the company XYZ: 10.0.0.0/8 (I use a private class to
avoid the use of a real address space)
- - I'm in the subnet 10.0.0.0/24
How do you find out the structure of other subnets that are part of
the network 10.0.0.0/8?
Il Prof.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3
-----END PGP SIGNATURE-----