I put together a Technical Assessment Plan that can be used to conduct external fingerprinting using the tools and utilities that a penetration tester would use. The assessment plans are structured in a way to help with the documentation of evidence for inclusion in a work-paper process. The plan provides helpful information on how to install, configure, and use the tools to obtain the evidence needed for an engagement. The Technical Assessment Plans that I have created can be found here.
Updated 7/2/2016 – yeah, I haven’t needed to parse the shitty output from this tool in 7 years. I never accounted for “special access” permissions not including the account with the access.
CACLS.exe is a great builtin Windows utility that allows you to list the permissions on a file or folder. This command has been used in an audit to get the permissions of the folders on an agency file server that served the “private” shares to each Domain user. The findings we would be looking for when examining the results are improper access to the “private” shares by other Domain users.
For CACLS options and how to interpret the results see this site.