Penetration Testing mailing list archives

Re: penetration test in a Windows 2000/NT network


From: H Carvey <keydet89 () yahoo com>
Date: 27 May 2003 20:53:02 -0000

In-Reply-To: <000001c31b8a$24b3b620$0300a8c0@Razvan>

Razvan, 

> 1. Get local administrator access to the workstation
> (that couldn't be too hard now, could it? :) )

Depends.  Some simple configuration settings can make
it exceedingly difficult to do so...but then, NOT
making those settings can make it easy.

> 1.2. Given that you have physical access to the
> computer (and a FDD), you could try the excellent tool
> available at http://home.eunet.no/~pnordahl/ntpasswd/.

Excellent suggestion.

> 5. Find a computer with a modem attached to it (look
> around the office.. you're bound to see one.. ask the
> fellow to mail you some document, to get his IP.. I'd
> say wardial, but it could be hard to determine the IP
> from the phone number, correct me if I'm wrong..

Uh...yeah.  Not sure where you're going w/ that one.
Also, just b/c there's a modem in the computer, it
doesn't mean that it's a good candidate for wardialing.
You see, not all modems have software listening for an
incoming call.  We have desktop modems where I work,
and the software is client-based only...it cannot act
as a server and answer an incoming call.  Oddly enough,
that's a prerequisite.

> Final thoughts.. I'd leave ettercap and the sorts
> towards the end.. that sort of tool could be quite
> noisy, and noise is a no-no.. on the other hand,
> windows is a joy to poison (it happily overwrites
> static arp entries, except XP). Anyway, there's quite
> a lot of damage to be done given hands-on access.

I won't disagree...but "damage" doesn't seem to be the
goal here.  It seems to be more of a case of capture
the flag..."damage" will highlight the attempts, and
cause (hopefully) some kind of reaction internally.

Harlan
