pen-test on a windows 2003 server box whit MS-SQL and Terminal Services

From: Hugo Vinicius Garcia Razera (hviniciusg@gmail.com)
Date: Tue Jun 07 2005 - 19:00:58 EDT

• Next message: Kevin Reiter: "Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Previous message: Todd Towles: "RE: Lan access via wifi"
• Next in thread: Kevin Reiter: "Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Reply: Kevin Reiter: "Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Reply: Aaron Oh: "Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Reply: Chip Andrews: "Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Maybe reply: Geoff Varosky: "RE: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Maybe reply: mike king: "Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Reply: Andres Riancho: "Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Maybe reply: Erik Pace Birkholz: "RE: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Maybe reply: DUBRAWSKY, IDO (CALLISMA): "RE: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Maybe reply: DUBRAWSKY, IDO (CALLISMA): "RE: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Reply: Tomasz Piotr Palarz: "Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi every one, I'm doing a pen test on a client, and have found that he
have a windows 2003 server box on one segment of his public addresses
this is his dns/web/mail server:

- mssql :1433
- terminal services :3389
- iis 6 :80
- smtp :25
- pop3 :110
- dns : 53
- ftp : filtered

ports opened, i logged on the terminal services port whit the winxp
remote desktop utility and it connects perfectly.

i tried a dictionari atack on mssql server whit the "sa" account and
others user names i collected.
 Hydra from THC was the tool, but no succes on this atack.
also tried the tsgrinder for terminal services , but no success.

well here come some questions:

- What others Usernames should i try for sql and terminal services?
  i tried whit "sa" for sql and "Administrator" for TS

- Any one knows how could i identify what version of sql server is running.
- What other services of this host can be exploited?

any comments, ideas, suggestions would be greatly appreciated.

Hugo Vinicius Garcia Razera

• Next message: Kevin Reiter: "Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Previous message: Todd Towles: "RE: Lan access via wifi"
• Next in thread: Kevin Reiter: "Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Reply: Kevin Reiter: "Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Reply: Aaron Oh: "Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Reply: Chip Andrews: "Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Maybe reply: Geoff Varosky: "RE: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Maybe reply: mike king: "Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Reply: Andres Riancho: "Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Maybe reply: Erik Pace Birkholz: "RE: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Maybe reply: DUBRAWSKY, IDO (CALLISMA): "RE: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Maybe reply: DUBRAWSKY, IDO (CALLISMA): "RE: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Reply: Tomasz Piotr Palarz: "Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:23 EDT