From: Fernando Cardoso (fcardoso@trusted.pt)
Date: Fri Aug 29 2003 - 07:41:02 EDT
I'm pen-testing a customer who has a MS MIS box running on a W2K/IIS 5.0.
Has anybody pen-pest this server and want to share its findings?
Access directories are password protected (yes, I'm running a dictionary
attack and brute force will follow) and admin directories have IP ACLs
(anti-spofing measures are in place...). OS and IIS are fully patched.
Thanks in advance
Fernando
Trusted Systems - http://www.trusted.pt
Praça de Alvalade, n.º 6 - 6.º piso
1700-036 Lisboa, PORTUGAL
Tel: +351 217994200
Fax: +351 217994242
-- A presente mensagem pode conter informação considerada confidencial. Se o receptor desta mensagem não for o destinatário indicado, fica expressamente proibido de copiar ou endereçar a mensagem a terceiros. Em tal situação, o receptor deverá destruir a presente mensagem e por gentileza informar o emissor de tal facto. Privileged or confidential information may be contained in this message. If you are not the addressee indicated in this message, you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. --------------------------------------------------------------------------- FREE Trial! New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL and PROFESSIONAL TL software. Fast, reliable vulnerability assessment technology powered by the award-winning FoundScan engine. Try it free for 21 days at: http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825 ----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:38 EDT