Penetration Testing mailing list archives
Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services
From: "mike king" <ngiles () hushmail com>
Date: Tue, 7 Jun 2005 17:27:58 -0700
http://www.sqlteam.com/item.asp?ItemID=5403
http://www.samspublishing.com/articles/article.asp?p=30124&seqNum=2&rl=1
http://www.aspnetemail.com/help/aspnetemail.smtpstate.html

I think sqlping would help you out with the SQL Server issue; above are some links to look at. Try to enumerate accounts through the running SMTP service; try commands like VRFY and so on. After you do this you can send some e-mails to those users and try to either social engineer additional account information or set up a malicious link ("use your imagination here").

As far as the web goes, try to look for any configuration issues or input validation errors in any apps they might be running. If you have WebInspect you can use that to help that process; it misses a lot, but again it would more than likely find something.

Btw, some good distros to try for your pentest would be the Auditor CD, Whoppix and Knoppix STD, as these come with a lot of tools built in, but the best way to do any pentest is manual and not automated, and so on. This is just my quick 2 cents; hope this helps. Again, this all depends on the scope of your work / rules of engagement.

On Tue, 07 Jun 2005 16:00:58 -0700 Hugo Vinicius Garcia Razera <hviniciusg () gmail com> wrote:
Hi everyone,

I'm doing a pen test on a client, and have found that he has a Windows 2003 Server box on one segment of his public addresses. This is his dns/web/mail server:

- mssql :1433
- terminal services :3389
- iis 6 :80
- smtp :25
- pop3 :110
- dns : 53
- ftp : filtered

ports opened, I logged on to the terminal services port with the WinXP remote desktop utility and it connects perfectly.

I tried a dictionary attack on the MSSQL server with the "sa" account and other user names I collected. Hydra from THC was the tool, but no success on this attack. I also tried TSGrinder for terminal services, but no success.

Well, here come some questions:

- What other usernames should I try for SQL and terminal services? I tried with "sa" for SQL and "Administrator" for TS.
- Does anyone know how I could identify what version of SQL Server is running?
- What other services of this host can be exploited?

Any comments, ideas, suggestions would be greatly appreciated.

Hugo Vinicius Garcia Razera
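For whoever runs the mail server, the VRFY probing mentioned in the reply appears in SMTP logs as one client asking about many distinct names in a short time. The following is an added example, not part of the original posts; the log format, addresses, names and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical "time client verb argument -> reply" format.
SAMPLE_LOG = """\
2005-06-07T17:00:01 192.0.2.10 VRFY administrator -> 550
2005-06-07T17:00:02 192.0.2.10 VRFY backup -> 550
2005-06-07T17:00:03 192.0.2.10 VRFY webmaster -> 250
2005-06-07T17:00:04 192.0.2.10 EXPN staff -> 550
2005-06-07T17:00:05 192.0.2.10 VRFY sqladmin -> 550
2005-06-07T17:03:00 198.51.100.7 VRFY postmaster -> 250
2005-06-07T17:05:00 198.51.100.7 RCPT TO:<sales@example.test> -> 250
2005-06-07T18:30:00 203.0.113.5 VRFY root -> 550
2005-06-07T19:45:00 203.0.113.5 VRFY admin -> 550
"""

# Only VRFY/EXPN lines are considered; other verbs (e.g. RCPT) are ignored.
LINE = re.compile(r"^(\S+) (\S+) (VRFY|EXPN) (\S+) -> (\d{3})$")
CONFIRMS = {"250", "251"}  # replies that confirm a mailbox (252 does not)

def find_enumeration(log_text, window=timedelta(minutes=5), min_names=4):
    """Flag clients probing >= min_names distinct names inside a sliding window."""
    probes = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts, client, _verb, name, code = m.groups()
            probes[client].append((datetime.fromisoformat(ts), name.lower(), code))
    findings = {}
    for client, events in probes.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            burst = events[start:end + 1]
            names = {n for _, n, _ in burst}
            seen = findings.get(client, {}).get("distinct_names", 0)
            if len(names) >= min_names and len(names) > seen:
                leaked = sorted({n for _, n, c in burst if c in CONFIRMS})
                findings[client] = {"distinct_names": len(names), "confirmed": leaked}
    return findings

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))
```

The `confirmed` list shows which account names the server disclosed to the probing client; a server that disables VRFY/EXPN or answers every request with 252 leaves that list empty.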