From: Hugo Vinicius Garcia Razera (hviniciusg@gmail.com)
Date: Fri Jun 10 2005 - 08:21:45 EDT
Hello gentlemen:
I would like to thank everyone who answered my last post.
The help was greatly appreciated.
Hugo
-----Original Message-----
From: Tomasz Piotr Palarz [mailto:tpalar1@uic.edu]
Sent: Thursday, June 09, 2005 02:09 p.m.
To: Hugo Vinicius Garcia Razera
CC: pen-test@securityfocus.com
Subject: Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services
If somebody mentioned this and I missed it, sorry. Nmap has version
scanning that seems to work pretty well, at least for the box running
sendmail and apache that I tried it on. Don't know about mssql, though.
http://www.insecure.org/nmap/versionscan.html
Just 2c from an "aspiring" security professional.
--
Tomasz Piotr Palarz
Computer Science Undergraduate
University of Illinois at Chicago

On Tue, 7 Jun 2005, Hugo Vinicius Garcia Razera wrote:
> Hi everyone, I'm doing a pen test on a client, and have found that he
> has a Windows 2003 server box on one segment of his public addresses;
> this is his dns/web/mail server:
>
> - mssql :1433
> - terminal services :3389
> - iis 6 :80
> - smtp :25
> - pop3 :110
> - dns : 53
> - ftp : filtered
>
> ports opened. I logged on to the terminal services port with the WinXP
> remote desktop utility and it connects perfectly.
>
> I tried a dictionary attack on the mssql server with the "sa" account and
> other user names I collected.
> Hydra from THC was the tool, but no success on this attack.
> I also tried tsgrinder for terminal services, but no success.
>
> Well, here come some questions:
>
> - What other usernames should I try for sql and terminal services?
>   I tried with "sa" for sql and "Administrator" for TS
>
> - Does anyone know how I could identify what version of sql server is running?
> - What other services of this host can be exploited?
>
> Any comments, ideas, suggestions would be greatly appreciated.
>
> Hugo Vinicius Garcia Razera