Re: penetration test in a Windows 2000/NT network

Razvan,

>1. Get local administrator access to the workstation
(that couldn't bee
>too hard now, could it? :) )

Depends. Some simple configuration settings can make it exceedingly difficult to do so...but then, NOT making those settings can make it easy.

>1.2. Given that you have physical access to the
computer (and a FDD),
>you could try the excellent tool available at

Excellent suggestion.

>5. Find a computer with a modem attached to it (look
around the office..
>you're bound to see one.. ask the fellow to mail you
some document, to
>get his IP.. I'd say wardial, but it could be hard to
determine the IP
>from the phone number, correct me if I'm wrong..

Uh...yeah. Not sure where you're going w/ that one. Also, just b/c there's a modem in the computer, it doesn't mean that it's a good candidate for wardialing.  You see, not all modems have software listing for an incoming call. We have desktops modems where I work, and the software is client-based only...it cannot act as a server and answer an incoming call. Oddly enough, that's a prerequisite.

>Final thoughts.. I'd leave ettercap and the sorts
towards the end.. that
>sort of tools could be quite noisy, and noise is a
no-no.. on the other
>hand, windows is a joy to poison (it happily
overwrites static arp
>entries, except XP). Anyway, there's quite a lot of
damage to be done
>given hands-on access.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

I won't disagree...but "damage" doesn't seem to be the goal here. It seems to be more of a case of capture the flag..."damage" will highlight the attempts, and cause (hopefully) some kind of reaction internally.

Harlan