penetration test in a Windows 2000/NT network

From: heron heron (h.heron@firemail.de)
Date: Wed May 14 2003 - 09:29:31 EDT

• Next message: Volker Tanger: "Re: Mail Server testing"
• Previous message: Alfred Huger: "New SecurityFocus articles"
• Next in thread: Mark Ng: "RE: penetration test in a Windows 2000/NT network"
• Reply: Mark Ng: "RE: penetration test in a Windows 2000/NT network"
• Reply: Michael Thumann: "Re: penetration test in a Windows 2000/NT network"
• Reply: Chris Beek: "Re: penetration test in a Windows 2000/NT network"
• Maybe reply: Ballowe, Charles: "RE: penetration test in a Windows 2000/NT network"
• Maybe reply: Romes, Randall J.: "RE: penetration test in a Windows 2000/NT network"
• Maybe reply: Herwig.Thyssens@ey.be: "RE: penetration test in a Windows 2000/NT network"
• Reply: Razvan: "RE: penetration test in a Windows 2000/NT network"
• Maybe reply: Matthew Wagenknecht: "RE: penetration test in a Windows 2000/NT network"
• Reply: Anders Thulin: "Re: penetration test in a Windows 2000/NT network"
• Maybe reply: H Carvey: "Re: penetration test in a Windows 2000/NT network"
• Maybe reply: ][-][UNTER: "Re: penetration test in a Windows 2000/NT network"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

I will accomplish a penetration test in a Windows 2000/NT network shortly. A
goal is to get confidential information (files) and if possible get admin
rights. I will be with my computers in the LAN. A computer for normal uses (thus
no Admin access) is likewise put to me at the disposal.

Is there a possibility on a Windows 2000 computers (physical access is possible)
to attain admin rights without to overwrite the admin account. Background: I
would like try to crack the password of the local admin (e.g. by means of pwdump
and John). There ist the possibility that all admin passwords (also for the
domain) is alike.

Is there a tool, with which I can crack NTLMv2 hashes. Background: I will try to
sniff hashes during the registration at the DC (e.g. CAIN, ettercap) and to
crack them. Unfortunately me is still no tool known in order to crack NTLMv2
hashes.

A further possibility at to come to information, would be the employment of a
SMB Proxy. By ARP Spoofing it would be nevertheless theoretically possible to
intercept the LM/NTLM(v1/v2) authentication . Then the attacker could itself
instead announce at the server. Does it give there already such a Tool?

Who has suggestions? For Tools please give always in the Web URL (if possible of
the programmer).

Greeting
Heron

__________________________________________________________________
Arcor-DSL Flatrate - jetzt kostenlos einsteigen und bis zu 76,18 Euro sparen!
Arcor-DSL gibt es jetzt auch mit bis zu 1500 Mbit/s Downstream! http://www.angebot.arcor.net/cgi-bin/angebot.cgi?key=b13e92247022

---------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies
that are enforced to protect WLANs from known vulnerabilities and threats.
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

To get your FREE white paper visit us at:
http://www.securityfocus.com/AirDefense-pen-test
----------------------------------------------------------------------------

• Next message: Volker Tanger: "Re: Mail Server testing"
• Previous message: Alfred Huger: "New SecurityFocus articles"
• Next in thread: Mark Ng: "RE: penetration test in a Windows 2000/NT network"
• Reply: Mark Ng: "RE: penetration test in a Windows 2000/NT network"
• Reply: Michael Thumann: "Re: penetration test in a Windows 2000/NT network"
• Reply: Chris Beek: "Re: penetration test in a Windows 2000/NT network"
• Maybe reply: Ballowe, Charles: "RE: penetration test in a Windows 2000/NT network"
• Maybe reply: Romes, Randall J.: "RE: penetration test in a Windows 2000/NT network"
• Maybe reply: Herwig.Thyssens@ey.be: "RE: penetration test in a Windows 2000/NT network"
• Reply: Razvan: "RE: penetration test in a Windows 2000/NT network"
• Maybe reply: Matthew Wagenknecht: "RE: penetration test in a Windows 2000/NT network"
• Reply: Anders Thulin: "Re: penetration test in a Windows 2000/NT network"
• Maybe reply: H Carvey: "Re: penetration test in a Windows 2000/NT network"
• Maybe reply: ][-][UNTER: "Re: penetration test in a Windows 2000/NT network"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:33 EDT