Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: windows 2003 server

From: Nicolas RUFF <nicolas.ruff () gmail com>
Date: Sun, 11 Mar 2007 10:44:41 +0100
I have a win2003 server that I have been asked to test its password
policy.  I am new to this and was wondering what would be the best
approach to gain access?  It is in my local network and will be
segregated from the rest of the network for testing.  I would be using a
remote machine to log in and not locally.  What would be your suggestions?


Password policy can be found in Administrative Tools/[Local | Domain]
Security Policy.

What do you mean by "testing password policy" ?

Why do you need to gain access ? You'd better ask for an administrative
account and dump the SAM file into a password cracker (like LCP).

Given the default security policy of W2003 (anonymous account
enumeration blocked, password length over 7 and mixed characters
required), your chances to break in remotely without any additional
information are near zero.

Regards,
- Nicolas RUFF

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: