Go4Expert (http://www.go4expert.com/)
-   Ethical hacking (http://www.go4expert.com/forums/ethical-hacking-forum/)
-   -   Pen testing - Scanning for adjacent subnets (http://www.go4expert.com/forums/pen-testing-scanning-adjacent-subnets-t28327/)

liam1_y2k 3May2012 21:40

Pen testing - Scanning for adjacent subnets

I have recently finished a course in Ethical hacking, and I have my first pen test. The task is to join my machine to the lan and basically find out as much information as I can. :D

I have ran a local subnet scan, found a few vulnerabilities and managed to retrieve some password....happy with that. :pleased:

One thing I am struggling with is trying to identify what additional subnets are possible associated wth the company.

I am on a subnet and I know there are additional subnets (for each office).......but how do I find them? I have looked for tools that can enumerate that information but I havent been able to produce anything other than data for the lan I am already on. I used a trial of LanGuard thinking that may find them but I havent had any joy. :confused:

Any information on this would be a tremendous.

Many thanks,

Syperus 25May2012 06:00

Re: Pen testing - Scanning for adjacent subnets
Nmap my friend. This is a phenomenal scanning tool that has so many awesome features. I highly recommend checking it out. I'm surprised you haven't heard about this if you went through an Ethical Hacking pen test course. Since your scanning within a LAN you can do an ARP scan. Check out this guide: http://nmap.org/book/man-host-discovery.html. Hope this helps.

All times are GMT +5.5. The time now is 04:12.