Re: Host discovery

From: Oliver Kindernay <oliver.kindernay@xxxxxxxxx>
Date: Tue, 23 Feb 2010 15:34:46 +0100

Yes but when company use webhosting's mail server this won't work.

2010/2/23 Andrew MacPherson <andrewmohawk@xxxxxxxxx>:

You could always look at simply sending a bounce mail, ie, mailing
thisaddressdoesntexist@xxxxxxxxxxxxxxxx, and then review the headers, often
mail servers will leak information especially if they are serving to an
internal environment.

-AM

On Tue, Feb 23, 2010 at 1:27 AM, Oliver Kindernay
<oliver.kindernay@xxxxxxxxx> wrote:

Hi,

Let's imagine this situation. Some small company has internal network
with some servers directly connected to the internet. Company's web is
on the webhosintg. How can attacker now identify company's systems? I
thought about something like sending email to employee with link to
website which will log an ip address and hope employee will click on
that link in work. But what are some more passive methods for this?

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require a
full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Follow-Ups:
- Re: Host discovery
  - From: Adam Mooz
- Re: Host discovery
  - From: Pete Herzog

References:
- Host discovery
  - From: Oliver Kindernay

Prev by Date: Re: Attack Simulation and Threat Modeling book
Next by Date: Re: RE: digital forensic software
Previous by thread: Host discovery
Next by thread: Re: Host discovery
Index(es):
- Date
- Thread

Relevant Pages

Re: Host discovery
... Then check the logs to see which pictures were opened. ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually ...
(Pen-Test)
Re: Host discovery
... mail servers will leak information especially if they are serving to an ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. ...
(Pen-Test)
Re: Host discovery
... If you register a static IP, or block of static IP's, they'll have to register with ICANN and provide some information. ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. ...
(Pen-Test)
RE: Host discovery
... Embeded pictures in the email may work. ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually ...
(Pen-Test)
Re: Source code auditing
... As far as books go, the bible when it comes to software security is ... Information Assurance Certification Review Board ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ...
(Pen-Test)