Penetration Testing mailing list archives
Re: win2k pentest - what can i do?
From: "Ryan Permeh" <ryan () eEye com>
Date: Fri, 6 Jul 2001 09:17:48 -0700
everyting that is possible from the graphical swhell is possible from the command prompt using the proper utilities, what exactly is it that you wish to do(or more properly: "Where do you want to go today" :)? as a side, it occurs to me to ask the following of this group: what level of pentration do you perform in an average test? do you penetrate completely? use this to leverage access across a network? what "trophy" do you use to prove access? How do you spell out your level of penetration to your customers? do they understand the difference between "vulnerability assesment" and penetration analysis? just curious how everyone else chooses to do this.... Signed, Ryan Permeh eEye Digital Security Team http://www.eEye.com/Retina -Network Security Scanner http://www.eEye.com/Iris -Network Traffic Analyzer ----- Original Message ----- From: "Matt Andreko" <mandreko () ori net> To: <pen-test () securityfocus com> Sent: Friday, July 06, 2001 6:53 AM Subject: win2k pentest - what can i do?
I normally do not do pen tests on the win2k operating system. However I
am
doing one at the moment. I have successfully got Administrator
privelages,
but only at a pseudo-dos-prompt... Is there anything i can do to get graphical abillities, since windows is basically useless without just graphics. I have used the "net user" command to create a new user, and added it to the Administrators group, but I do not have physical access to this machine. Any help would be appreciated. -- Matt Andreko On-Ramp Indiana (317)774-2100 --------------------------------------------------------------------------
------------
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA) Service
For more information on SecurityFocus' SIA service which automatically
alerts you to
the latest security vulnerabilities please see: https://alerts.securityfocus.com/
-------------------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- win2k pentest - what can i do? Matt Andreko (Jul 06)
- Re: win2k pentest - what can i do? Mike DeGraw-Bertsch (Jul 06)
- Re: win2k pentest - what can i do? Jonathan Rickman (Jul 06)
- Re: win2k pentest - what can i do? John Tannahill (Jul 06)
- Re: win2k pentest - what can i do? Ryan Permeh (Jul 06)
- Pen test vs Vulnerabilty Assessment (was Re: win2k pentest - what can i do?) Alex Butcher (Jul 11)
- <Possible follow-ups>
- RE: win2k pentest - what can i do? Jeff Seely (Jul 06)
- Re: win2k pentest - what can i do? Paul Rathborn (Jul 07)