Re: win2k pentest - what can i do?

["John Tannahill" <jtannahi () netcom ca>]

> I have successfully got Administrator privelages,
but only at a pseudo-dos-prompt...  Is there anything i can do to get
graphical abillities, since windows is basically useless without just
graphics.

Don't agree with this statement since there are plently of command-line
based utilities that are useful:

- other net commands (net use, start /stop services)
- telnet (you can start the win2k telnet server)
- ftp
- tftp client to obtain programs of your choice from your machine
- netcat

To answer your question re gui access (it depends what you want to do):

- Map network drive (c$, d$ etc) and use explorer
- Use MMC Win2k Admin Tools
- Use MMC IIS Admin (if web/ftp service is running)
- Start win2k terminal server if service is installed
- Use Frontpage 2000 for IIS admin
- Remotely install VNC and run for full remote control
- If Active Directory is available - use ldp.exe for enumeration
- If pcanywhere or controlit are installed - obtain client, start service
etc
- If it is running on Compaq - try Compaq Insight Manager web interface
- If SQL Server or Oracle is running - try respective clients

First step would be to enunmerate services and go from there. But again,
what is the objective????


To name but a few.

Regards, J





--------------------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to 
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/