Penetration Testing mailing list archives

Pentest - ISA server


From: "Kurt M. John" <kurt.md.john () gmail com>
Date: Sat, 28 Aug 2010 12:56:37 -0400

Hey guys,

I have a question, but I wanted to share this part with you first. I'm
doing a pentest for a client (scope includes several places, including a
library) and it's been all types of fun actually. Yesterday I posed as a
library patron. I went through about 3 library computers that all had
BIOS passwords on them, but I finally found one that didn't. So I
rebooted the computer that had no BIOS password into BackTrack (installed
on a USB key), got the SAM file and quickly emailed it to myself. I
then copied netcat to the local drive. The plan was to reboot the
machine into Windows and attempt to run netcat as a listener, but library
staff began to get suspicious when they saw an operating system that
they didn't know, so I had to make a quick exit. I'll head back there on
Monday when things quiet down. I was able to crack the SAM file and get
the admin password, so I'm good. ...figured I'd share that.

Now for my real question. They have some ISA servers that take care of
all outgoing and incoming traffic. I ran nmap on them and at least one
of them has over 50,000 open ports. Subsequently, I ran fast-track and
had quite a few bind exploits, but the ISA server drops the connection.
Tried to run fast-track using reverse connections, but no luck. I
essentially want to know: in your experience, do you see ISA servers
with that many ports open? Trying to figure out if that's a finding.

What do you guys think?

Kurt M. John, CISA, C|EH, CPT
http://www.applisoft.net
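Editor's note on the "50,000 open ports" question above. A device that completes the TCP handshake on every port (a SYN-proxying firewall, a catch-all listener) makes nmap's default SYN scan report every port as open, so a host with tens of thousands of "open" ports is usually a scan artifact to verify, not a service map. The following added example (not code from the original post or from any tool it mentions) parses nmap grepable output (-oG) and flags hosts whose open-port ratio is implausibly high. The scan output, the host addresses and the 90 % threshold are constructed assumptions for the example.

```python
"""Flag hosts whose nmap results show nearly every scanned port open.

Added example, not from the original post. Parses nmap grepable output
(-oG) and flags hosts where almost every scanned port reports "open",
which usually means a firewall/proxy answered every SYN rather than a
real service listening on each port. Sample data below is constructed.
"""
import re
from dataclasses import dataclass
from typing import List

# One port entry in -oG output looks like "22/open/tcp//ssh///"
# (port/state/proto/owner/service/rpcinfo/version/); we only need the
# first three fields, so the regex ignores whatever follows.
PORT_RE = re.compile(
    r"(\d+)/(open|closed|filtered|unfiltered|open\|filtered|closed\|filtered)/(tcp|udp|sctp)/"
)
IGNORED_RE = re.compile(r"Ignored State: (\w+) \((\d+)\)")
HOST_RE = re.compile(r"^Host: (\S+)")

SUSPICIOUS_RATIO = 0.90  # assumed threshold: >=90 % of scanned ports "open"


@dataclass
class HostPorts:
    ip: str
    open_ports: int
    scanned_ports: int

    @property
    def open_ratio(self) -> float:
        return self.open_ports / self.scanned_ports if self.scanned_ports else 0.0

    @property
    def suspicious(self) -> bool:
        return self.open_ratio >= SUSPICIOUS_RATIO


def parse_gnmap(text: str) -> List[HostPorts]:
    """Return per-host open/scanned port counts from -oG text."""
    hosts = []
    for line in text.splitlines():
        # Only "Host: ... Ports: ..." lines carry port results; the
        # "Status: Up" lines and "# Nmap ..." comments are skipped.
        if not line.startswith("Host:") or "\tPorts:" not in line:
            continue
        ip = HOST_RE.match(line).group(1)
        entries = PORT_RE.findall(line)
        open_count = sum(1 for _, state, _ in entries if state == "open")
        scanned = len(entries)
        # Ports in the majority state are summarised, not listed; add
        # them back so the ratio is over everything that was scanned.
        m = IGNORED_RE.search(line)
        if m:
            ignored_state, ignored_count = m.group(1), int(m.group(2))
            scanned += ignored_count
            if ignored_state == "open":
                open_count += ignored_count
        hosts.append(HostPorts(ip, open_count, scanned))
    return hosts


def flag_suspicious(text: str) -> List[str]:
    """IPs whose results look like a handshake-everything device."""
    return [h.ip for h in parse_gnmap(text) if h.suspicious]


def constructed_all_open_line(ip: str, nports: int = 65535) -> str:
    """Build a -oG line for a host that answered every SYN (constructed data)."""
    ports = ", ".join(f"{p}/open/tcp/////" for p in range(1, nports + 1))
    return f"Host: {ip} ()\tPorts: {ports}"


# Constructed sample: one ordinary host, one host that "opens" all 65535 ports.
SAMPLE_GNMAP = "\n".join([
    "# Nmap 5.21 scan initiated Sat Aug 28 12:00:00 2010 as: nmap -p- -oG scan.gnmap 10.10.10.0/24",
    "Host: 10.10.10.1 ()\tStatus: Up",
    "Host: 10.10.10.1 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "443/open/tcp//https///\tIgnored State: closed (65532)",
    "Host: 10.10.10.254 ()\tStatus: Up",
    constructed_all_open_line("10.10.10.254"),
])


if __name__ == "__main__":
    for h in parse_gnmap(SAMPLE_GNMAP):
        verdict = "VERIFY: likely SYN-proxy/catch-all artifact" if h.suspicious else "ok"
        print(f"{h.ip}: {h.open_ports}/{h.scanned_ports} open ({h.open_ratio:.1%}) {verdict}")
```

A flagged host is a prompt to confirm, not a finding in itself: re-scan the suspect with a full-connect and version scan (nmap -sT -sV on a sample of the "open" ports) and see whether anything actually speaks a protocol after the handshake. Ports that accept the connection and then go silent or get reset are the proxy answering, which is consistent with bind payloads connecting and then being dropped.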




