Penetration Testing mailing list archives
Re: win2k pentest - what can i do?
From: Jonathan Rickman <jonathan () xcorps net>
Date: Fri, 6 Jul 2001 11:47:46 -0400 (EDT)
On Fri, 6 Jul 2001, Matt Andreko wrote:
I normally do not do pen tests on the win2k operating system. However I am doing one at the moment. I have successfully got Administrator privelages, but only at a pseudo-dos-prompt... Is there anything i can do to get graphical abillities, since windows is basically useless without just graphics. I have used the "net user" command to create a new user, and added it to the Administrators group, but I do not have physical access to this machine. Any help would be appreciated.
Depends on what you want to do. If you insist on having a GUI, and you are not concerned about stealth, you could use the "pseudo-dos-prompt" to grab VNC from one of your machines, install and run as a service. That's not exactly the stealth approach...but it will get you a GUI. Like I say, it just depends on what your goals are. Personally, I think you've gone far enough. At this point I'd tell the client that you have access (however rudimentary) and offer to help tighten up the box on site. Then you'll be able to audit the system more thoroughly. -- Jonathan Rickman X Corps Security http://www.xcorps.net -------------------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- win2k pentest - what can i do? Matt Andreko (Jul 06)
- Re: win2k pentest - what can i do? Mike DeGraw-Bertsch (Jul 06)
- Re: win2k pentest - what can i do? Jonathan Rickman (Jul 06)
- Re: win2k pentest - what can i do? John Tannahill (Jul 06)
- Re: win2k pentest - what can i do? Ryan Permeh (Jul 06)
- Pen test vs Vulnerabilty Assessment (was Re: win2k pentest - what can i do?) Alex Butcher (Jul 11)
- <Possible follow-ups>
- RE: win2k pentest - what can i do? Jeff Seely (Jul 06)
- Re: win2k pentest - what can i do? Paul Rathborn (Jul 07)