Penetration Testing mailing list archives

Re: [PEN-TEST] Pen-testing recon tools for NT


From: "Nelson Brito(a.k.a. stderr)" <stderr () SEKURE ORG>
Date: Wed, 26 Jan 2000 08:09:59 -0200

Attonbitus Deus wrote:

User2Sid and Sid2User are nice.  They work even with RestrictAnonymous set
to 1.  I wrote a little C++ function that calls the NetUserGetInfo function
at level 3 to enumerate info for known users- but it also works great as a
quick way to see if "Administrator" is a valid account and the 'real'
Administrator, as well as a quick test for "Admin" and "Test" and stuff like
that.  It also works with RA set to 1.  Ben is going to post it to the
Bugtraq archives at some point, but I can get with Al if there is interest
before then to see if they will post it now.  It may come in handy.

I'd like to point out some tools that I've used to enumerate and gather
information in Penetration Tests that I have done:
1 - qtip.exe - enumerate users (plus WKS) and shares;
2 - enum.exe - enumerate a lot of things;
3 - DumpACL - it's a classic, isn't it?
4 - nltest - to find the PDC and BDC in an NT Domain;
5 - lservers - to find PDC, BDC, SQL, BROWSER, etc... Very useful...
6 - epdump - RPC dump;
7 - net - the native command in the NT environment ("net view /domain", "net
user /domain", etc);
8 - NT's Resource Kit - sc, local, dumpel, reg, snmputil, etc...

I hope that showed some other tools to use in Penetration Tests.

Nothing further,
--
Nelson Brito
"Windows NT can also be protected from nmap OS detection scans thanks
to _Nelson Brito_ of Sekure SDI."
              Excerpt from the book "Hack Proofing your Network", page 93
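The two facts the thread turns on (that enumeration via NetUserGetInfo still works with RestrictAnonymous set to 1, and that a SID lookup identifies the "real" Administrator whatever it has been renamed to) can be checked from the defending side. The script below is an added example and not code from either poster; it assumes a modern Windows host with PowerShell 5.1 or later (the Get-LocalUser cmdlet) and is run locally with administrative rights. It reads the RestrictAnonymous value from the Lsa key and finds the built-in Administrator by its relative ID 500 rather than by name.

```powershell
# Added example (not from the thread): audit the settings the enumeration
# tools above depend on. Assumes PowerShell 5.1+ and local admin rights.

# 1. RestrictAnonymous lives under the Lsa key; an absent value means 0.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ra  = $lsa.RestrictAnonymous
if ($null -eq $ra) { $ra = 0 }
"RestrictAnonymous = $ra"
if ($ra -le 1) {
    "  Note: as the thread says, a value of 1 still allows user lookups by SID/RID."
}

# 2. The built-in Administrator always has RID 500, regardless of its name.
#    Renaming it hides nothing from a Sid2User-style lookup, so report both
#    the current name and whether the account is enabled.
$builtinAdmin = Get-LocalUser | Where-Object { $_.SID.Value -like '*-500' }
if ($null -eq $builtinAdmin) {
    "Built-in Administrator (RID 500) not found"
} else {
    "RID 500 account name : $($builtinAdmin.Name)"
    "RID 500 enabled      : $($builtinAdmin.Enabled)"
    if ($builtinAdmin.Name -eq 'Administrator') {
        "  Note: default name in use; renaming only raises the bar for name-based guessing."
    }
}

# 3. Flag the throwaway names the thread mentions being probed for.
foreach ($name in @('Admin', 'Test')) {
    $acct = Get-LocalUser -Name $name -ErrorAction SilentlyContinue
    if ($acct) { "Account '$name' exists (enabled: $($acct.Enabled))" }
}
```

Run it on a host you administer and compare the output against your baseline: the RID-500 name tells you what a SID lookup would reveal, and the RestrictAnonymous value tells you whether the level-1 caveat from the thread applies.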

