RE: Find out the subnetting of a company

From: easternerd (easternerd_at_gmx.net)
Date: 07/20/04

  • Next message: Andy Cuff: "Re: Find out the subnetting of a company"
    To: <pen-test@securityfocus.com>
    Date: Tue, 20 Jul 2004 23:03:41 +0530
    
    

     

    Hi
    If you get a shell on the remote machine then you can probably use
    Psexec to do an ipconfig and find out the internal network
    range/subnet.
    There are many scenarios and methods in variance; it all depends on
    what sort of access method is being employed and which stage of the
    penetration you are in currently.

    Email Correspondence :
    easternerd@gmx.net
    easternerd@eml.cc
    Website :
    http://www.cryptography.tk
    http://www.securityrisk.org

    -----Original Message-----
    From: il.prof@virgilio.it [mailto:il.prof@virgilio.it]
    Sent: Thursday, July 15, 2004 1:47 PM
    To: pen-test@securityfocus.com
    Subject: Find out the subnetting of a company

    During an internal black-box penetration test, from a subnet of a
    company (with or without DHCP), how do you find out the structure of
    the other subnets of the network? In particular, how do you
    determine/discover the subnetting of the IP space of a company?

    An example:

    - IP network of the company XYZ: 10.0.0.0/8 (I use a private class to
    avoid the use of a real address space)
    - I'm in the subnet 10.0.0.0/24

    How do you find out the structure of other subnets that are part of
    the network 10.0.0.0/8?

    Il Prof.

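
The reply above suggests reading the internal range from `ipconfig` output. As an added example (not part of the original message), the Python below parses constructed `ipconfig` text and derives each connected adapter's network and broadcast address from its IP address and subnet mask; the adapter names and addresses are made up, and `local_subnets` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample of Windows `ipconfig` output (not from the original post).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 10.0.0.57
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.1

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected

Ethernet adapter Backup LAN:

   IPv4 Address. . . . . . . . . . . : 10.0.12.200(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.252.0
   Default Gateway . . . . . . . . . :
"""

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")                # unindented section header
FIELD = re.compile(r"^\s+([A-Za-z0-9 \-]+?)[ .]*:\s*(.*)$")    # "Key . . . : value"


def local_subnets(text):
    """Map each adapter that has an IPv4 address to its network, broadcast and gateway."""
    adapters, current = {}, None
    for line in text.splitlines():
        m = ADAPTER.match(line)
        if m:
            current = adapters.setdefault(m.group(1), {})
            continue
        m = FIELD.match(line)
        if m and current is not None:
            # Newer Windows versions append "(Preferred)" to the address; drop it.
            current[m.group(1).strip()] = m.group(2).split("(")[0].strip()
    result = {}
    for name, fields in adapters.items():
        addr = fields.get("IPv4 Address") or fields.get("IP Address")
        mask = fields.get("Subnet Mask")
        if not addr or not mask:
            continue  # disconnected adapter: no address to derive a subnet from
        net = ipaddress.IPv4Interface(f"{addr}/{mask}").network
        result[name] = {"network": str(net), "broadcast": str(net.broadcast_address),
                        "gateway": fields.get("Default Gateway") or None}
    return result
```

This only describes the subnets the host itself is attached to; the mask says nothing about how the rest of the 10.0.0.0/8 space in the question is divided.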

