Penetration Testing mailing list archives

Re: [PEN-TEST] RAS PT


From: Nasir Farhat Khan <nasir () instecdigital com>
Date: Thu, 5 Oct 2000 18:42:33 +0500

I suppose that you want to test an NT box running Remote Access Service.

For penetration testing you can try the RASMAN Security Descriptor
Vulnerability. It is called the RASMAN bug and gives you complete control of
the NT box running the RAS Manager service. We have tested this on an NT 4.0
box; any unprivileged NT user can gain administrative access remotely.

More details can be found at:

http://www.quimeras.com/secadv/rasman.htm

Microsoft has issued a Security Bulletin (MS99-041) on the RASMAN Security
Descriptor Vulnerability. According to Microsoft, SP6 machines are also
vulnerable.

http://www.microsoft.com/technet/security/bulletin/ms99-041.asp

Bugtraq Vulnerability Database:

http://www.securityfocus.com/vdb/?id=645

Nasir Farhat Khan
Instec Digital Systems - Pakistan
nasir () instecdigital com





----- Original Message -----
From: "Batten, Gerald" <GBatten () EXOCOM COM>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Wednesday, October 04, 2000 11:14 PM
Subject: [PEN-TEST] RAS PT


I unfortunately have very little experience in doing any sort of PT on a RAS
box... let's assume it's an NT box.  Other than enforcing strong passwords
or maybe strong authentication via certificates or SecurID-type cards, what
else can I do to A) protect it, and B) run some sort of PT against it?

Gerald.

*Note: Views expressed in this e-mail are not necessarily those of my
employer.
**Note:  Views expressed in this e-mail are not necessarily mine either.

