Penetration Testing mailing list archives

Re: Solaris Beginner


From: Todd Haverkos <infosec () haverkos com>
Date: Wed, 06 Jan 2010 18:13:05 -0600

pma111 <pmaneedham () hotmail com> writes:
Is it possible to access data from a Solaris Server on Windows XP
machine? If so could you provide tools or strategies to accomplish
this. I've heard of SAMBA but would prefer some detail on how this
works, i.e. a share on the Solaris box would have to be a SAMBA share
would it not? Is it possible to access data on a solaris server from
a windows machine in the same active directory domain, but without
any specialist software?

This question may not be entirely on topic for this list, but not
knowing a list that's a better fit for it (security basics perhaps--
http://www.securityfocus.com/archive/105/description ),
I'll try to point you in the right direction.  

If the Solaris server was set up with a samba share, then yes, a
Windows machine can access that without any additional software
(other than the samba package being required on the Solaris box).
It's just SMB, and all current Windows flavors know how to talk SMB,
as it's used in Windows folder shares.  If you share out a folder in
Windows to the network, likewise, an SMB client on a Solaris box would
be able to mount it and access those files.

For additional reading, see
http://www.samba.org/samba/what_is_samba.html

I have a copy of the /etc/shadow/ file from the Solaris Server which
contains the encrypted passwords but I cannot find any Windows based
crackers that will crack these passwords.

For Windows, John the Ripper will help you crack those. 
http://www.openwall.com/john/

And though I've not used it for *nix hashes, I'd be surprised if Cain
and Abel didn't support cracking against those.  Cain and Abel is
much more comfortable for the command-line averse and has a really
nice GUI.
http://www.oxid.it/cain.html

I also don't know what client software would be required to access
data on the Server from a Windows machine even if I do decrypt some
weak passwords? Did see some mention of Putty but am unfamiliar with
this or SAMBA.

PuTTY is a free ssh client for Windows.  It would be one way to
connect assuming the Solaris server for which you cracked a password
were running an ssh server.  ssh (if you've never used it) simply put
is a text mode interface that provides remote access to a Solaris
shell prompt.  Authentication is done commonly with the Solaris
username and password, which you'll be prompted for upon connecting.
ssh servers generally listen on tcp port 22.

I also assume that any "open file shares" on the
Solaris box won't be mappable or reachable to a windows machine, as
is the case on win2k and windows 2003 servers, when all you need is
my network places and hope some of the shares have been given the
deadly "everyone acl" in NTFS?

The other thing would be to try a credentialed mounting of the SMB
shares using the username and password cracked from the shadow file
you have.     Not all uses of SMB shares are open/anonymous. 

I appreciate Solaris uses a totally different file system to NTFS
but I assume you can share directories with anyone on the network if
desired? Any tips on accessing data on this Server from Windows much
appreciated.

One of the niceties of SMB/samba is that it abstracts the underlying
filesystem such that the remote SMB client doesn't care about whether
it's NTFS, ZFS, ext3, or whatever on the disk itself.  This bodes well
for interoperability among different OS's.  

Out of interest, what are the mailing list's views on Security of a
Solaris Server if every user on the internal network only has
windows machines?  Even if there is a weak password or open file
share on the Solaris Server, without specialist software is it fair
to say the windows users still wouldn't be able to get hold of data
on the Server, or is that a very naive view on things?

I'd lean toward the latter.  There's much to know about Solaris
security.  There are Solaris usenet newsgroups, and I imagine lots of
different Solaris system administration forums/mailing lists where
security topics will be mixed in among others.

Hope this helps! 

Best Regards, 
--
Todd Haverkos, LPT MsCompE
http://haverkos.com/
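
The thread above turns on whether Samba shares on the Solaris box are open/anonymous or require credentials. As an added example (not part of the original message and not Samba project code), this sketch reads an smb.conf and lists the shares that permit guest access, so an administrator can see what any Windows client could reach without a password. The sample configuration and share names are constructed for illustration.

```python
# Added example: list Samba shares that permit guest (unauthenticated) access.
SAMPLE_SMB_CONF = """\
[global]
   map to guest = Bad User
[public]
   path = /export/public
   guest ok = yes
[dropbox]
   public = yes
   writable = yes
; [scratch] is commented out and must be ignored
[finance]
   valid users = @finance
   read only = no
"""  # constructed sample input, not taken from a real server
YES = {"yes", "true", "1"}

def parse_smb_conf(text):
    """Return {section: {param: value}}; Samba ignores case and spaces in names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current["".join(key.lower().split())] = value.strip()
    return sections

def guest_accessible_shares(text):
    """Return {share: "read-only" | "read-write"} for shares open to guests."""
    sections = parse_smb_conf(text)
    defaults = sections.pop("global", {})  # share parameters in [global] act as defaults
    findings = {}
    for name, params in sections.items():
        merged = {**defaults, **params}
        if merged.get("guestok", merged.get("public", "no")).lower() not in YES:
            continue
        read_only = merged.get("readonly", "yes").lower() in YES  # Samba default: yes
        for synonym in ("writable", "writeable", "writeok"):  # inverted synonyms
            if synonym in merged:
                read_only = merged[synonym].lower() not in YES
        findings[name] = "read-only" if read_only else "read-write"
    return findings

if __name__ == "__main__":
    print(guest_accessible_shares(SAMPLE_SMB_CONF))
```
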
