Re: pen-test on a windows 2003 server box with MS-SQL and Terminal Services

From: Hugo Vinicius Garcia Razera (hviniciusg@gmail.com)
Date: Fri Jun 10 2005 - 08:21:45 EDT


Hello gentlemen:

I would like to thank everyone who answered my last post.
The help was greatly appreciated.

Hugo

-----Original Message-----
From: Tomasz Piotr Palarz [mailto:tpalar1@uic.edu]
Sent: Thursday, June 09, 2005 02:09 p.m.
To: Hugo Vinicius Garcia Razera
CC: pen-test@securityfocus.com
Subject: Re: pen-test on a windows 2003 server box with MS-SQL and Terminal Services

If somebody mentioned this and I missed it, sorry. Nmap has version
scanning that seems to work pretty well, at least for the box running
sendmail and apache that I tried it on. Don't know about mssql, though.

http://www.insecure.org/nmap/versionscan.html

Just 2c from an "aspiring" security professional.

--
Tomasz Piotr Palarz
Computer Science Undergraduate
University of Illinois at Chicago

On Tue, 7 Jun 2005, Hugo Vinicius Garcia Razera wrote:
> Hi everyone, I'm doing a pen test on a client, and have found that he
> has a windows 2003 server box on one segment of his public addresses
> this is his dns/web/mail server:
>
> - mssql :1433
> - terminal services :3389
> - iis 6 :80
> - smtp :25
> - pop3 :110
> - dns : 53
> - ftp : filtered
>
> ports opened, I logged on the terminal services port with the winxp
> remote desktop utility and it connects perfectly.
>
> I tried a dictionary attack on mssql server with the "sa" account and
> other user names I collected.
> Hydra from THC was the tool, but no success on this attack.
> also tried the tsgrinder for terminal services, but no success.
>
>
> well, here come some questions:
>
> - What other usernames should I try for sql and terminal services?
>   I tried with "sa" for sql and "Administrator" for TS
>
> - Does anyone know how I could identify what version of sql server is
>   running?
> - What other services of this host can be exploited?
>
> any comments, ideas, suggestions would be greatly appreciated.
>
> Hugo Vinicius Garcia Razera
>

