Re: penetration test in a Windows 2000/NT network

From: H Carvey (keydet89@yahoo.com)
Date: Tue May 27 2003 - 16:53:02 EDT


In-Reply-To: <000001c31b8a$24b3b620$0300a8c0@Razvan>

Razvan,

>1. Get local administrator access to the workstation
>(that couldn't be too hard now, could it? :) )

Depends. Some simple configuration settings can make
it exceedingly difficult to do so...but then, NOT
making those settings can make it easy.

>1.2. Given that you have physical access to the
>computer (and an FDD),
>you could try the excellent tool available at
>http://home.eunet.no/~pnordahl/ntpasswd/.

Excellent suggestion.

>5. Find a computer with a modem attached to it (look
>around the office..
>you're bound to see one.. ask the fellow to mail you
>some document, to
>get his IP.. I'd say wardial, but it could be hard to
>determine the IP
>from the phone number, correct me if I'm wrong..

Uh...yeah. Not sure where you're going w/ that one.
Also, just b/c there's a modem in the computer, it
doesn't mean that it's a good candidate for wardialing.
You see, not all modems have software listening for an
incoming call. We have desktop modems where I work,
and the software is client-based only...it cannot act
as a server and answer an incoming call. Oddly enough,
that's a prerequisite.

>Final thoughts.. I'd leave ettercap and the sorts
>towards the end.. that
>sort of tools could be quite noisy, and noise is a
>no-no.. on the other
>hand, windows is a joy to poison (it happily
>overwrites static arp
>entries, except XP). Anyway, there's quite a lot of
>damage to be done
>given hands-on access.

I won't disagree...but "damage" doesn't seem to be the
goal here. It seems to be more of a case of capture
the flag..."damage" will highlight the attempts, and
cause (hopefully) some kind of reaction internally.

Harlan
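The exchange above notes that ARP poisoning is noisy and that Windows hosts of that era would overwrite even static ARP entries. As an added example that is not part of this thread or its authors' work, the script below shows the defender's side of that point: it parses two snapshots of Windows `arp -a` output and flags the two signatures that poisoning leaves in the cache, an IP whose MAC changed (including a "static" entry that was overwritten) and one MAC that now claims several IPs. The snapshots, addresses and MACs are constructed sample data, and the `arp -a` layout assumed is the classic three-column Windows format.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: a baseline `arp -a` snapshot taken on a clean host.
BEFORE = """\
Interface: 192.168.0.3 --- 0x2
  Internet Address      Physical Address      Type
  192.168.0.1           00-11-22-33-44-55     static
  192.168.0.10          00-aa-bb-cc-dd-01     dynamic
  192.168.0.11          00-aa-bb-cc-dd-02     dynamic
"""

# Constructed sample: a later snapshot in which the gateway's "static" entry
# now carries the MAC of the host at 192.168.0.11 (the poisoning signature).
AFTER = """\
Interface: 192.168.0.3 --- 0x2
  Internet Address      Physical Address      Type
  192.168.0.1           00-aa-bb-cc-dd-02     static
  192.168.0.10          00-aa-bb-cc-dd-01     dynamic
  192.168.0.11          00-aa-bb-cc-dd-02     dynamic
"""

# One table row: dotted-quad IP, dash-separated MAC, entry type.
ENTRY_RE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-fA-F]{2}(?:-[0-9a-fA-F]{2}){5})\s+(\w+)\s*$"
)


def parse_arp_table(text: str) -> Dict[str, Tuple[str, str]]:
    """Map IP -> (MAC, type) from `arp -a` text; header and interface lines are skipped."""
    table: Dict[str, Tuple[str, str]] = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            ip, mac, kind = m.groups()
            table[ip] = (mac.lower(), kind.lower())
    return table


def find_arp_anomalies(before: str, after: str) -> List[str]:
    """Compare two snapshots and return human-readable alerts for suspicious changes."""
    old = parse_arp_table(before)
    new = parse_arp_table(after)
    alerts: List[str] = []

    # 1. An IP whose MAC changed between snapshots. A changed "static" entry is
    #    the strongest signal, since nothing legitimate should rewrite it.
    for ip, (mac, _kind) in new.items():
        if ip in old and old[ip][0] != mac:
            label = "STATIC entry overwritten" if old[ip][1] == "static" else "MAC changed"
            alerts.append(f"{label}: {ip} {old[ip][0]} -> {mac}")

    # 2. One MAC answering for several IPs: a host impersonating the gateway
    #    or a peer shows up as its own MAC bound to more than one address.
    by_mac: Dict[str, List[str]] = {}
    for ip, (mac, _kind) in new.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            alerts.append(f"one MAC claims several IPs: {mac} -> {', '.join(sorted(ips))}")

    return alerts


if __name__ == "__main__":
    for alert in find_arp_anomalies(BEFORE, AFTER):
        print(alert)
```

In practice the baseline would be captured from a known-good state and the comparison run periodically or from a login script; the check is cheap enough that the "noise" the thread refers to becomes something the defender can actually see, which is the point of making poisoning a late, last-resort step rather than an opener.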
