Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Network Security Assessment - 2nd edition

from [doug] Network Security [Permanent Link]
Subject: Re: Network Security Assessment - 2nd edition
Date: 15 Nov 2005 15:22:53 -0000 
Chris;

Might I suggest as an update to your Windows Chapter, a section on Active 
Directory and using AD tools such as dsquery, dsget, enumprop,
dnscmd, nltest, & ntdsutil to query AD servers for information.  These tools 
can be found in the various Microsoft Support/Resource Kits and
also on Win2003 servers.

I have found these tools extremely useful during assessments, especially when a 
network is blocking typical netbios ports.  Most of these tools
run their queries over LDAP (TCP/389).

  Some of the tools and queries require privilege, some will work with either a 
Null session or without any connection at all.  The Active
Directory Cookbook has more information on these tools.

One query that requires no authentication is:
c:\>enumprop "LDAP://RootDSE";

I look forward to your updated book.

Sincerely,

Douglas Ford
---------------------
CSRgroup LLC
www.csr-group.com

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Blind SQL Injection / Stored procedures, Adam Tuliper
Next by Date:  Re: Nmap scanning speed, robert
Previous by Thread:  Network Security Assessment - 2nd edition, Chris McNab
Next by Thread:  Blind SQL Injection / Stored procedures, Andres Molinetti
Indexes:  [Date] [Thread] [Top] [All Lists]