Penetration Testing mailing list archives

Re: [PEN-TEST] Pen-testing recon tools for NT


From: Attonbitus Deus <Thor () HAMMEROFGOD COM>
Date: Thu, 25 Jan 2001 11:02:07 -0800

User2Sid and Sid2User are nice.  They work even with RestrictAnonymous set
to 1.  I wrote a little C++ functoid that calls the NetUserGetInfo function
at level 3 to enumerate info for known users - but it also works great as a
quick way to see if "Administrator" is a valid account and the 'real'
Administrator, as well as a quick test for "Admin" and "Test" and stuff like
that.  It also works with RA set to 1.  Ben is going to post it to the
Bugtraq archives at some point, but I can get with Al if there is interest
before then to see if they will post it now.  It may come in handy.

 AD

----- Original Message -----
From: "Batten, Gerald" <GBatten () EXOCOM COM>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Thursday, January 25, 2001 8:40 AM
Subject: [PEN-TEST] Pen-testing recon tools for NT


I was wondering if anybody had any preferences with regards to information
gathering tools for NT systems, assuming you have (legitimate) local admin
access.  I'm looking for tools that can fit nicely on a floppy disk so that
I can do the analysis of the data off-site.  Any tool that requires a
re-boot is not an option.

I prefer to use the following with my clients:

DumpSec
pwdump(2)
L0phtCrack (once I'm back at my own office)

Any other suggestions?


Gerald

