RE: Pen-Testing Windows from Solaris

From: Ballowe, Charles <CBallowe(at)usg.com>
Date: Mon May 12 2003 - 14:08:32 EDT

Interesting challenge - hope the customer doesn't claim security of their MS network based on the success or failure to compromise it from a Solaris box.

Will you have root on the Sun? I suggest getting samba installed, mostly for the ability to browse shares etc. if you manage to find an unsecured share or a weak password. You may also want to search for tools to do NULL session enumeration against various boxen on the windows network. Of course, you'll want old favorites line nmap and a sniffer handy.

Are you allowed to social engineer (via e-mail or otherwise) a set of tools onto their systems? There are keygrabbers or even BO that can be fairly easy to install if you can convince a user to double click a trojaned binary.

What is the goal of the pen test? Every test should have a goal of some sort - whether it is take down services or gather sensitive information doesn't really matter, but there should be a goal.

-Charlie

> -----Original Message-----
> From: peter.king [mailto:peter.king@ziplip.com]
> Sent: Monday, May 12, 2003 10:10 AM
> To: pen-test@securityfocus.com
> Cc: peter.king@ziplip.com
> Subject: Pen-Testing Windows from Solaris
>
>
>
>
> Hi
>
> I have recently been given the task of Pen-Testing several

---

Did you know that you have VNC running on your network? Your hacker does.
Plug your security holes.
Download a free 15-day trial of VAM:
http://www.securityfocus.com/StillSecure-pen-test

---

Received on Mon May 12 17:24:37 2003