Information Security

arping – Backtrack 5 – Information Gathering – Network Analysis – Identify Live Hosts – arping

The arping application is a simple command that will allow you to ping devices by hostname, IP address, or MAC address. The unfortunate part is that most devices will not respond to the ARP requests, which are directed broadcast ICMP echo requests, though there are some out there that do. I go into more detail below regarding pinging via MAC address by providing an example of the typical output, example output when a MAC address responds to the ICMP echo requests, and details about how to configure hosts to respond to these ICMP echo requests. I also show a couple of the switches available with arping and provide examples of using arping to ping devices by IP and by hostname.

Technology Insights

dnsenum – Backtrack 5 – Information Gathering – Network Analysis – DNS Analysis – dnsenum

The dnsenum Perl script, as described in its Perl documentation, is a multithreaded script to enumerate information on a domain and to discover non-contiguous IP blocks. So the gist of dnsenum is to gather information about a specific domain using various sources. Information gathered about a domain includes subdomains, associated IP ranges, name servers, MX records, reverse DNS records, hostname IP addresses, and potential vulnerabilities via zone transfers. Below we go into detail regarding the switches available with dnsenum as well as what the command returns by default without any CLI switches.

Information Security

goofile – Backtrack 5 – Information Gathering – Web Application Analysis – Open Source Analysis – goofile

The goofile Backtrack menu item (Backtrack > Information Gathering > Web Application Analysis > Open Source Analysis) is a great little Python script that provides easy access to the results of one of Google’s Advanced Searches. During the information gathering phase of a penetration test it provides a great method to collect data about your target by searching a domain for specific file types. Below we describe goofile in more detail and provide an example of how goofile works.

Information Security

snmpcheck – Backtrack 5 – Information Gathering – Network Analysis – SNMP Analysis – snmpcheck

SNMP can be a hidden gem that seems to be overlooked sometimes during penetration testing. It is really cool the information you can obtain just using snmpwalk from the command line; however, the information can be lengthy, and unless you are a walking SNMP OID library or feel like googling a bunch of different stuff, it really helps to have tools such as snmpcheck available. Below we describe what snmpcheck, which is written in Perl, will accomplish for you, and we also provide a couple of examples against Ubuntu and a Cisco router.

Information Security

sqlscan – Backtrack 5 – Information Gathering – Web Application Analysis – Web Crawlers – sqlscan

Need to query Google for vulnerable SQL servers and extract MD5 hashes? The sqlscan Python script is your tool then. If you are using Backtrack release 5 you will first need to install Python 2.4.4 and then fix sqlscan by following the instructions here and here. Once you have sqlscan functioning without errors, proceed to the example below.