Penetration Testing mailing list archives
Re: [PEN-TEST] Pen-testing recon tools for NT
From: "Nelson Brito(a.k.a. stderr)" <stderr () SEKURE ORG>
Date: Wed, 26 Jan 2000 08:09:59 -0200
Attonbitus Deus wrote:
User2Sid and Sid2User are nice. They work even with RestrictAnonymous set to 1. I wrote a little C++ functiod that calls the NetUserGetInfo function at level 3 to enumerate info for known users- but it also works great as a quick way to see if "Administrator" is a valid account and the 'real' Administrator, as well as a quick test for "Admin" and "Test" and stuff like that. It also works with RA set to 1. Ben is going to post it to the Bugtraq archives at some point, but I can get with Al if there is interest before then to see if they will post it now. It may come in handy.
I like to point some tools that I've used to enumerate and gathering information in Penetration Tests that I have done: 1 - qtip.exe - enumerate users(plus WKS) and shares; 2 - enum.exe - enumerate a lot of things; 3 - DumpACL - it's classic, isn't it? 4 - nltest - to find the PDC em BDC in NT Domain; 5 - lservers - to find PDC, BDC, SQL, BROWSER, etc... Very usefull... 6 - epdump - RPC dump; 7 - net - the native command in NT enviroment("net view /domain", "net user /domain", etc); 8 - NT's Resource Kit - sc, local, dumpel, reg, snmputil, etc... I hope that showed another tools to use in Penetration Test. Sem mais, -- Nelson Brito "Windows NT can also be protected from nmap OS detection scans thanks to _Nelson Brito_ of Sekure SDI." Trecho do livro "Hack Proofing your Network", página 93
Current thread:
- [PEN-TEST] Pen-testing recon tools for NT Batten, Gerald (Jan 25)
- Re: [PEN-TEST] Pen-testing recon tools for NT Attonbitus Deus (Jan 25)
- Re: [PEN-TEST] Pen-testing recon tools for NT Nelson Brito(a.k.a. stderr) (Jan 29)
- <Possible follow-ups>
- Re: [PEN-TEST] Pen-testing recon tools for NT Hodge, Tom (Jan 25)
- Re: [PEN-TEST] Pen-testing recon tools for NT Baudendistel Matt Contractor USTC (Jan 29)
- Re: [PEN-TEST] Pen-testing recon tools for NT Thierry (Jan 29)
- Re: [PEN-TEST] Pen-testing recon tools for NT Attonbitus Deus (Jan 25)