
RE: Network Proxy Server Finder



Posted by Epsilon Maj Pain in the Ass On 2008-09-28 08:53:44
In Reply to Network Proxy Server Finder Posted by Rec Kuroro On 2008-09-27 16:41:16



You realize that ISA servers are meant to monitor network activity and DETECT scans? So I am not sure if scanning for the ISA server is your best bet, but that depends on how smart/stupid your network admins are. So let me start with a warning: if you go this path you may very well be detected, which may have implications on your employment status.

As for proxies, the standard ports are 80, 1080, 3128, 8000 and 8080, so if you really want to do a scan, limit it to those ports only in your first run.

If those standard ports fail, you might have to start mapping the service banners/headers/flags, whatever people call them these days (host address masked for this example):
gabb@downtime:~$ amap 212.100.132.xxx 6472
amap v5.2 (www.thc.org/thc-amap) started at 2008-09-28 10:32:22 - MAPPING mode

Protocol on 212.100.132.xxx:6472/tcp matches http
Protocol on 212.100.132.xxx:6472/tcp matches http-proxy

Unidentified ports: none.

amap v5.2 finished at 2008-09-28 10:32:33

Another shot you may have is to sit down at your colleague's computer and check his ARP table (Run -> cmd -> arp -a), which would give you a fair shot at that mysterious proxy if it's in the same network segment as his computer. To be honest, you'd have to be incredibly lucky if that's the case or the network admins have to be incredibly stupid if they configured the routers for Proxy ARP as an alternative case.

Ultimately it may be a better path if you do some reconnaissance from home (proxied) than from within the network. Figure out the IP range (whois), use some Google hacks to find potential entries of your company's IPs in public awstats or ntop installations etc. (may include the outgoing port of the proxy). Be creative, but first and foremost, be safe.
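
The post's warning that a scan of the standard proxy ports can be detected, shown from the defender's side as an added example (not part of the original post): a sliding-window check over firewall connection logs. The log format, addresses, thresholds and function name are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

PROXY_PORTS = {80, 1080, 3128, 8000, 8080}  # the ports named in the post
LINE = re.compile(r"(\S+) \w+ TCP ([\d.]+):\d+ -> ([\d.]+):(\d+)$")
# Constructed sample: hypothetical log format and RFC 1918 addresses.
SAMPLE_LOG = """\
2008-09-28T10:32:01 DENY TCP 10.0.5.23:51001 -> 10.0.1.10:80
2008-09-28T10:32:02 DENY TCP 10.0.5.23:51002 -> 10.0.1.10:1080
2008-09-28T10:32:03 DENY TCP 10.0.5.23:51003 -> 10.0.1.10:3128
2008-09-28T10:32:04 DENY TCP 10.0.5.23:51004 -> 10.0.1.10:8000
2008-09-28T10:40:00 DENY TCP 10.0.5.40:40001 -> 10.0.1.10:3128
2008-09-28T10:40:05 DENY TCP 10.0.5.40:40002 -> 10.0.1.11:3128
2008-09-28T10:40:09 DENY TCP 10.0.5.40:40003 -> 10.0.1.12:3128
2008-09-28T11:00:00 ALLOW TCP 10.0.5.7:33001 -> 10.0.1.10:80
2008-09-28T11:05:00 ALLOW TCP 10.0.5.7:33002 -> 10.0.1.10:8080
2008-09-28T11:10:00 ALLOW TCP 10.0.5.7:33003 -> 10.0.1.10:3128
2008-09-28T11:15:00 ALLOW TCP 10.0.5.7:33004 -> 10.0.1.10:8000
"""

def find_proxy_sweeps(log, window=timedelta(seconds=60), min_ports=4, min_hosts=3):
    """Map source IP -> sweep type for sources probing proxy ports in one window."""
    events = defaultdict(list)
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m and int(m[4]) in PROXY_PORTS:  # ignore traffic to other ports
            events[m[2]].append((datetime.fromisoformat(m[1]), m[3], int(m[4])))
    alerts = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            ports_per_host, hosts_per_port = defaultdict(set), defaultdict(set)
            for _, dst, port in evs[start:end + 1]:
                ports_per_host[dst].add(port)
                hosts_per_port[port].add(dst)
            if max(map(len, ports_per_host.values())) >= min_ports:
                alerts[src] = "vertical"    # many proxy ports on one host
            elif max(map(len, hosts_per_port.values())) >= min_hosts:
                alerts[src] = "horizontal"  # one proxy port across many hosts
            if src in alerts:
                break
    return alerts

if __name__ == "__main__":
    print(find_proxy_sweeps(SAMPLE_LOG))
```

The third source in the sample touches four proxy ports on one host but over fifteen minutes, so it stays below the 60-second window and is not flagged.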

