1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Pen testing - Scanning for adjacent subnets

Discussion in 'Ethical hacking' started by liam1_y2k, May 3, 2012.

  1. liam1_y2k

    liam1_y2k New Member

    Joined:
    May 3, 2012
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    Occupation:
    Process Control Security Engineer
    Location:
    Dundee
    Hi,

    I have recently finished a course in Ethical hacking, and I have my first pen test. The task is to join my machine to the lan and basically find out as much information as I can. :D

    I have ran a local subnet scan, found a few vulnerabilities and managed to retrieve some password....happy with that. :pleased:

    One thing I am struggling with is trying to identify what additional subnets are possible associated wth the company.

    I am on a 10.1.1.0 subnet and I know there are additional subnets (for each office).......but how do I find them? I have looked for tools that can enumerate that information but I havent been able to produce anything other than data for the lan I am already on. I used a trial of LanGuard thinking that may find them but I havent had any joy. :confused:

    Any information on this would be a tremendous.

    Many thanks,
    Liam
     
  2. Syperus

    Syperus New Member

    Joined:
    Sep 2, 2011
    Messages:
    45
    Likes Received:
    9
    Trophy Points:
    0
    Location:
    127.0.0.1
    Nmap my friend. This is a phenomenal scanning tool that has so many awesome features. I highly recommend checking it out. I'm surprised you haven't heard about this if you went through an Ethical Hacking pen test course. Since your scanning within a LAN you can do an ARP scan. Check out this guide: http://nmap.org/book/man-host-discovery.html. Hope this helps.
     

Share This Page