RE: windows 2003 server

From: Salvador.Manaois@infineon.com
Date: Mon Mar 19 2007 - 06:44:45 EST

• Next message: Tremaine Lea: "Re: Listing hide files via ftp"
• Previous message: Mathew Rowley: "Re: TCP stack smashing"
• In reply to: Chris Parker: "Re: windows 2003 server"
• Next in thread: crazy frog crazy frog: "Re: windows 2003 server"
• Reply: crazy frog crazy frog: "Re: windows 2003 server"
• Reply: John Babio: "RE: windows 2003 server"
• Reply: killy: "Re: windows 2003 server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

If your main goal is to gauge the "strength" of your organization's
password policy and _not_ how to break into the win2003 server, then you
should try to dump a copy of the SAM file onto a password-cracker.
Remotely checking the password strength may require you to try
brute-forcing a session to the server (but then again, if the invalid
login threshold setting and the account lockout policy are defined, you
may find this exercise frustratingly time-consuming). =)

...badz...
Salvador Manaois III

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Chris Parker
Sent: Saturday, March 17, 2007 7:16 AM
To: pen-test@securityfocus.com
Subject: Re: windows 2003 server

Nicolas RUFF wrote:
>> I have a win2003 server that I have been asked to test its password
>> policy. I am new to this and was wondering what would be the best
>> approach to gain access? It is in my local network and will be
>> segregated from the rest of the network for testing. I would be
>> using a remote machine to log in and not locally. What would be your
suggestions?
>
> Password policy can be found in Administrative Tools/[Local | Domain]
> Security Policy.
>
> What do you mean by "testing password policy" ?
>
> Why do you need to gain access ? You'd better ask for an
> administrative account and dump the SAM file into a password cracker
(like LCP).
>
> Given the default security policy of W2003 (anonymous account
> enumeration blocked, password length over 7 and mixed characters
> required), your chances to break in remotely without any additional
> information are near zero.
>
> Regards,
> - Nicolas RUFF
>
First, we are trying to lock down our servers. I came into this after
they had these server up for a few years, so you can see my work is cut
out for me. I just wanted the best ways to test to make sure most users
cannot get where they are not suppose to be. Current password policy is
8 characters, upper lower number.

thanks
Chris Parker

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016
00000008bOW
------------------------------------------------------------------------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

• Next message: Tremaine Lea: "Re: Listing hide files via ftp"
• Previous message: Mathew Rowley: "Re: TCP stack smashing"
• In reply to: Chris Parker: "Re: windows 2003 server"
• Next in thread: crazy frog crazy frog: "Re: windows 2003 server"
• Reply: crazy frog crazy frog: "Re: windows 2003 server"
• Reply: John Babio: "RE: windows 2003 server"
• Reply: killy: "Re: windows 2003 server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:40 EDT