RE: Pen-Testing Windows from Solaris

From: Ballowe, Charles (CBallowe@usg.com)
Date: Mon May 12 2003 - 14:08:32 EDT

• Next message: Aleksander P. Czarnowski: "RE: Pen-Testing Windows from Solaris"
• Previous message: dave@immunitysec.com: "Re: MSRPC IFID List?"
• Maybe in reply to: peter.king: "Pen-Testing Windows from Solaris"
• Next in thread: Aleksander P. Czarnowski: "RE: Pen-Testing Windows from Solaris"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Interesting challenge - hope the customer doesn't claim security of
their MS network based on the success or failure to compromise it
from a Solaris box.

Will you have root on the Sun? I suggest getting samba installed,
mostly for the ability to browse shares etc. if you manage to find
an unsecured share or a weak password. You may also want to search
for tools to do NULL session enumeration against various boxen on
the windows network. Of course, you'll want old favorites line nmap
and a sniffer handy.

Are you allowed to social engineer (via e-mail or otherwise) a set
of tools onto their systems? There are keygrabbers or even BO that
can be fairly easy to install if you can convince a user to double
click a trojaned binary.

What is the goal of the pen test? Every test should have a goal of
some sort - whether it is take down services or gather sensitive
information doesn't really matter, but there should be a goal.

-Charlie

> -----Original Message-----
> From: peter.king [mailto:peter.king@ziplip.com]
> Sent: Monday, May 12, 2003 10:10 AM
> To: pen-test@securityfocus.com
> Cc: peter.king@ziplip.com
> Subject: Pen-Testing Windows from Solaris
>
>
>
>
> Hi
>
> I have recently been given the task of Pen-Testing several
> large Windows networks, running a variety of versions of windows.
>
> Unfortunatly the only platform I will have to conduct the
> tests will be a Sparc Solaris 2.6 box. I will have command
> line access only to this box.
>
> I envisage the main problems with the boxes to be poor
> passwords, open shares, IIS, and MS SQL.
>
> Given these limits what command line tools would people
> suggest as the best ones to use that will run under Solaris
> 2.6? I have my own ideas for several of them but would
> appreaciate any extra input.
>
> Cheers,
>
> Peter
>
> --------------------------------------------------------------
> -------------
> Did you know that you have VNC running on your network?
> Your hacker does.
> Plug your security holes.
> Download a free 15-day trial of VAM:
> http://www.securityfocus.com/StillSecure-pen-test
> --------------------------------------------------------------
> --------------
>

---------------------------------------------------------------------------
Did you know that you have VNC running on your network?
Your hacker does.
Plug your security holes.
Download a free 15-day trial of VAM:
http://www.securityfocus.com/StillSecure-pen-test
----------------------------------------------------------------------------

• Next message: Aleksander P. Czarnowski: "RE: Pen-Testing Windows from Solaris"
• Previous message: dave@immunitysec.com: "Re: MSRPC IFID List?"
• Maybe in reply to: peter.king: "Pen-Testing Windows from Solaris"
• Next in thread: Aleksander P. Czarnowski: "RE: Pen-Testing Windows from Solaris"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:33 EDT