Penetration Testing mailing list archives

Re: win2k pentest - what can i do?

From: "Ryan Permeh" <ryan () eEye com>
Date: Fri, 6 Jul 2001 09:17:48 -0700

everyting that is possible from the graphical swhell is possible from the
command prompt using the proper utilities, what exactly is it that you wish
to do(or more properly: "Where do you want to go today" :)?

as a side, it occurs to me to ask the following of this group:

what level of pentration do you perform in an average test?  do you
penetrate completely?  use this to leverage access across a network? what
"trophy" do you use to prove access?  How do you spell out your level of
penetration to your customers?  do they understand the difference between
"vulnerability assesment" and penetration analysis?

just curious how everyone else chooses to do this....
Signed,
Ryan Permeh
eEye Digital Security Team
http://www.eEye.com/Retina -Network Security Scanner
http://www.eEye.com/Iris -Network Traffic Analyzer

----- Original Message -----
From: "Matt Andreko" <mandreko () ori net>
To: <pen-test () securityfocus com>
Sent: Friday, July 06, 2001 6:53 AM
Subject: win2k pentest - what can i do?

I normally do not do pen tests on the win2k operating system.  However I

am

doing one at the moment.  I have successfully got Administrator

privelages,

but only at a pseudo-dos-prompt...  Is there anything i can do to get
graphical abillities, since windows is basically useless without just
graphics.  I have used the "net user" command to create a new user, and
added it to the Administrators group, but I do not have physical access to
this machine.

Any help would be appreciated.

--
Matt Andreko
On-Ramp Indiana
(317)774-2100


--------------------------------------------------------------------------

------------


This list is provided by the SecurityFocus Security Intelligence Alert

(SIA) Service

For more information on SecurityFocus' SIA service which automatically

alerts you to

the latest security vulnerabilities please see:

https://alerts.securityfocus.com/



--------------------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to 
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/

Current thread:

win2k pentest - what can i do? Matt Andreko (Jul 06)
- Re: win2k pentest - what can i do? Mike DeGraw-Bertsch (Jul 06)
- Re: win2k pentest - what can i do? Jonathan Rickman (Jul 06)
- Re: win2k pentest - what can i do? John Tannahill (Jul 06)
- Re: win2k pentest - what can i do? Ryan Permeh (Jul 06)
  - Pen test vs Vulnerabilty Assessment (was Re: win2k pentest - what can i do?) Alex Butcher (Jul 11)
- <Possible follow-ups>
- RE: win2k pentest - what can i do? Jeff Seely (Jul 06)
- Re: win2k pentest - what can i do? Paul Rathborn (Jul 07)