Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services

From: Kevin Reiter (tux@penguinnetwerx.net)
Date: Tue Jun 07 2005 - 19:31:04 EDT

• Next message: Aaron Oh: "Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Previous message: Hugo Vinicius Garcia Razera: "pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• In reply to: Hugo Vinicius Garcia Razera: "pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Next in thread: Aaron Oh: "Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hugo Vinicius Garcia Razera wrote:
> Hi every one, I'm doing a pen test on a client, and have found that he
> have a windows 2003 server box on one segment of his public addresses
> this is his dns/web/mail server:
>
> - mssql :1433
> - terminal services :3389
> - iis 6 :80
> - smtp :25
> - pop3 :110
> - dns : 53
> - ftp : filtered

<snip>

Why is MSSQL even open to the outside? Are they (your client) aware of
this?

Just curious...

• Next message: Aaron Oh: "Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Previous message: Hugo Vinicius Garcia Razera: "pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• In reply to: Hugo Vinicius Garcia Razera: "pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Next in thread: Aaron Oh: "Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:23 EDT