Re: pen-test on a windows 2003 server box with MS-SQL and Terminal Services

From: mike king (ngiles@hushmail.com)
Date: Tue Jun 07 2005 - 20:27:58 EDT


http://www.sqlteam.com/item.asp?ItemID=5403
http://www.samspublishing.com/articles/article.asp?p=30124&seqNum=2&rl=1
http://www.aspnetemail.com/help/aspnetemail.smtpstate.html

I think sqlping would help you out on the SQL Server issue; above
are some links to look at.

Try to enumerate accounts through SMTP by trying commands like
"VRFY" and so on. After you do this you can send some e-mails to
those users and try to either social-engineer additional account
information or set up a malicious link (use your imagination here).

As far as the web goes, try to look for any configuration issues or
input-validation errors in any apps they might be running. If you
have WebInspect you can use that to help with that process; it
misses a lot, but again it would more than likely find something.

Btw, some good distros to use for your pentest would be the
Auditor CD, Whoppix, and Knoppix STD, as these come with a lot of
tools built in, but the best way to do any pentest is manually and
not automated, etc.

This is just my quick 2 cents; hope this helps. Again, this all
depends on the scope of your work / rules of engagement.

On Tue, 07 Jun 2005 16:00:58 -0700 Hugo Vinicius Garcia Razera
<hviniciusg@gmail.com> wrote:
>Hi everyone, I'm doing a pen test on a client, and have found
>that he has a Windows 2003 Server box on one segment of his public
>addresses; this is his DNS/web/mail server:
>
>- mssql :1433
>- terminal services :3389
>- iis 6 :80
>- smtp :25
>- pop3 :110
>- dns : 53
>- ftp : filtered
>
>Ports opened. I logged on to the Terminal Services port with the
>WinXP Remote Desktop utility and it connects perfectly.
>
>I tried a dictionary attack on the MSSQL server with the "sa" account
>and other user names I collected.
>Hydra from THC was the tool, but no success on this attack.
>I also tried TSGrinder for Terminal Services, but no success.
>
>Well, here come some questions:
>
>- What other usernames should I try for SQL and Terminal Services?
>  I tried with "sa" for SQL and "Administrator" for TS.
>
>- Does anyone know how I could identify what version of SQL Server is
>running?
>- What other services on this host can be exploited?
>
>any comments, ideas, suggestions would be greatly appreciated.
>
>Hugo Vinicius Garcia Razera

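The "what version of SQL Server is running" question above, and the pointer to sqlping, both come down to the SQL Server Resolution Protocol on UDP/1434: a one-byte request makes the listener advertise every instance with its name, TCP port and a version string. The script below is an added example written for this archive page, not code from the thread or from sqlping. It sends the CLNT_UCAST_EX request from the MS-SQLR spec and parses the SVR_RESP reply; the sample datagram, the host name SQL1 and the two instances in it are constructed for offline use, and the version-to-product table is an assumption of the example rather than anything the thread states.

```python
from __future__ import annotations

import socket
import sys

# SSRP (MS-SQLR): one 0x03 byte to UDP 1434 asks the SQL Browser / SQL 2000
# listener to list every instance it knows about.
SSRP_PORT = 1434
CLNT_UCAST_EX = b"\x03"
SVR_RESP = 0x05

# Assumed mapping of the wire "Version" prefix to product (example table).
MAJOR_VERSIONS = {
    "7.00": "SQL Server 7.0",
    "8.00": "SQL Server 2000",
    "9.00": "SQL Server 2005",
    "10.0": "SQL Server 2008",
    "10.50": "SQL Server 2008 R2",
    "11.0": "SQL Server 2012",
    "12.0": "SQL Server 2014",
    "13.0": "SQL Server 2016",
    "14.0": "SQL Server 2017",
    "15.0": "SQL Server 2019",
    "16.0": "SQL Server 2022",
}


def parse_ssrp_response(data: bytes) -> list[dict[str, str]]:
    """Parse one SVR_RESP datagram into a dict per advertised instance.

    Layout: 0x05, 2-byte little-endian length, then an ASCII string of
    key;value pairs; each instance's run ends with ";;".  Anything that is
    not a well-formed SVR_RESP yields an empty list.
    """
    if len(data) < 3 or data[0] != SVR_RESP:
        return []
    length = int.from_bytes(data[1:3], "little")
    body = data[3:3 + length].decode("ascii", errors="replace")
    instances = []
    for run in body.split(";;"):
        fields = run.split(";")
        info = dict(zip(fields[0::2], fields[1::2]))  # key, value, key, ...
        if "InstanceName" in info:
            instances.append(info)
    return instances


def describe_version(version: str) -> str:
    """Map a wire version such as '8.00.194' to a product name.

    Treat the build part as a hint only: SSRP commonly reports the build the
    instance was installed with rather than its patched level, so confirm
    with SELECT @@VERSION once you have a login.
    """
    major = ".".join(version.split(".")[:2])
    return MAJOR_VERSIONS.get(major, f"unknown ({version})")


def probe_ssrp(host: str, timeout: float = 2.0) -> list[dict[str, str]]:
    """Send CLNT_UCAST_EX to host:1434/udp and parse whatever comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(CLNT_UCAST_EX, (host, SSRP_PORT))
        try:
            data, _ = s.recvfrom(65535)
        except socket.timeout:
            return []  # UDP/1434 filtered, or no listener at all
    return parse_ssrp_response(data)


def sample_response() -> bytes:
    """Constructed datagram (not a real capture) advertising two instances."""
    body = (
        b"ServerName;SQL1;InstanceName;MSSQLSERVER;IsClustered;No;"
        b"Version;8.00.194;tcp;1433;;"
        b"ServerName;SQL1;InstanceName;DEV;IsClustered;No;"
        b"Version;9.00.1399;tcp;49170;"
        b"np;\\\\SQL1\\pipe\\MSSQL$DEV\\sql\\query;;"
    )
    return bytes([SVR_RESP]) + len(body).to_bytes(2, "little") + body


if __name__ == "__main__":
    # With a host argument this probes the real target; without one it walks
    # the constructed sample so the script runs offline.
    found = (probe_ssrp(sys.argv[1]) if len(sys.argv) > 1
             else parse_ssrp_response(sample_response()))
    for inst in found:
        print(f"{inst.get('ServerName')}\\{inst['InstanceName']}: "
              f"{describe_version(inst.get('Version', ''))} "
              f"build {inst.get('Version')} tcp/{inst.get('tcp', '?')}")
```

An empty result does not mean there is no SQL Server: the original scan only showed TCP 1433, and UDP/1434 is often filtered at the edge even when 1433 is reachable. In that case the version has to come from the TDS side, for example SELECT @@VERSION once a login works.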

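The SMTP account-enumeration step suggested above ("VRFY and so on") is mostly about reading reply codes correctly: 250/251 confirms a mailbox, 550-class rejects it, and 252 means the server will not say either way, which is the common hardened configuration. The script below is an added example for this archive page, not code from the thread; it speaks plain SMTP over a text-mode socket, classifies each VRFY reply, and includes a constructed fake server (mail.example.com, the users root and administrator, and its reply lines are all made up here) so it runs offline.

```python
from __future__ import annotations

import socket

# RFC 5321 reply-code classes that matter for VRFY.
VALID = {250, 251}          # mailbox known (251: will be forwarded)
INCONCLUSIVE = {252}        # server declines to confirm; VRFY effectively off
INVALID = {550, 551, 553}   # mailbox unavailable / unknown
UNSUPPORTED = {500, 502}    # command not implemented


def read_reply(conn) -> tuple[int, str]:
    """Read one SMTP reply, including '250-' style continuation lines."""
    text = []
    while True:
        line = conn.readline()
        if not line:
            raise ConnectionError("server closed the connection")
        line = line.rstrip("\r\n")
        text.append(line[4:])
        if len(line) < 4 or line[3] != "-":
            return int(line[:3]), "\n".join(text)


def send_cmd(conn, cmd: str) -> tuple[int, str]:
    conn.write(cmd + "\r\n")
    conn.flush()
    return read_reply(conn)


def classify(code: int) -> str:
    if code in VALID:
        return "valid"
    if code in INVALID:
        return "invalid"
    if code in INCONCLUSIVE or code in UNSUPPORTED:
        return "inconclusive"
    return "unknown"


def enumerate_users(conn, users, helo="scanner.example") -> dict[str, str]:
    """VRFY each name and classify the reply; conn needs readline/write/flush."""
    code, banner = read_reply(conn)  # 220 greeting
    if code != 220:
        raise RuntimeError(f"unexpected greeting: {code} {banner}")
    send_cmd(conn, f"HELO {helo}")
    results = {}
    for user in users:
        code, _ = send_cmd(conn, f"VRFY {user}")
        results[user] = classify(code)
    send_cmd(conn, "QUIT")
    return results


def connect(host: str, port: int = 25, timeout: float = 10.0):
    """Open a real connection and wrap it as a text file object."""
    sock = socket.create_connection((host, port), timeout=timeout)
    return sock.makefile("rw", encoding="ascii", errors="replace", newline="")


class FakeSmtpServer:
    """Constructed stand-in so the example runs offline (not a real capture)."""

    KNOWN = {"root", "administrator"}

    def __init__(self):
        self._out = ["220 mail.example.com ESMTP ready\r\n"]

    def write(self, data: str) -> None:
        cmd, _, arg = data.strip().partition(" ")
        cmd, user = cmd.upper(), arg.strip().lower()
        if cmd in ("HELO", "EHLO"):
            self._out.append("250 mail.example.com Hello\r\n")
        elif cmd == "VRFY" and user == "postmaster":
            self._out.append("252 2.5.2 Cannot VRFY user, but will accept message\r\n")
        elif cmd == "VRFY" and user in self.KNOWN:
            self._out.append(f"250 {user} <{user}@example.com>\r\n")
        elif cmd == "VRFY":
            self._out.append(f"550 5.1.1 {user}... User unknown\r\n")
        elif cmd == "QUIT":
            self._out.append("221 Bye\r\n")
        else:
            self._out.append("502 5.5.2 Command not implemented\r\n")

    def flush(self) -> None:
        pass

    def readline(self) -> str:
        return self._out.pop(0) if self._out else ""


if __name__ == "__main__":
    import sys
    names = ["root", "Administrator", "postmaster", "nobody"]
    conn = connect(sys.argv[1]) if len(sys.argv) > 1 else FakeSmtpServer()
    for user, verdict in enumerate_users(conn, names).items():
        print(f"{user:15} {verdict}")
```

If every name comes back "inconclusive", VRFY is disabled and the usual fallback is MAIL FROM followed by RCPT TO per candidate, watching for the same 250-versus-550 split; this block does not do that. Either way the traffic is loud, so keep it inside the rules of engagement the reply above mentions.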

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:23 EDT