Penetration Testing mailing list archives

RE: Pen-Testing Windows from Solaris


From: Herwig.Thyssens () ey be
Date: Tue, 13 May 2003 08:30:16 +0200


Peter,

Charles makes a lot of sense (in my humble opinion). What is the exact
purpose of the test? It seems to me it is quite a limited scope and the
scope is the mother of the assignment. :-)

But more to the point:

- In case you just have CL access but also physical access, prepare a nice
customized boot-CD and let the magic loose (if allowed)
- Otherwise, if you have only remote CL access, you can try to install a
redirector and just use the Solaris box as a link with your own box (again
if allowed).
- There used to exist a windows/dos emulator for Sun (WABI). Do not know if
it works on Solaris 2.6. You could have a look at it.

Hope it helps but I have the feeling that you are not granted this kind of
freedom :'-)

Kind regards,

Herwig Thyssens
Ernst & Young TSRS (formerly ISAAS)
Technology and Security Risk Services
204 Avenue Marcel Thiry Laan, B-1200 Brussels, Belgium
Tel: +32-(0)2-774.63.08 - Fax: +32-(0)2-774.94.79
E-mail: herwig.thyssens () ey be Url: www.tsrs.be




From: "Ballowe, Charles" <CBallowe () usg com>
Date: 12/05/2003 20:08
To: "'peter.king'" <peter.king () ziplip com>, pen-test () securityfocus com
cc:
Subject: RE: Pen-Testing Windows from Solaris




Interesting challenge - hope the customer doesn't claim security of
their MS network based on the success or failure to compromise it
from a Solaris box.

Will you have root on the Sun? I suggest getting samba installed,
mostly for the ability to browse shares etc. if you manage to find
an unsecured share or a weak password. You may also want to search
for tools to do NULL session enumeration against various boxen on
the windows network. Of course, you'll want old favorites like nmap
and a sniffer handy.

Are you allowed to social engineer (via e-mail or otherwise) a set
of tools onto their systems? There are keygrabbers or even BO that
can be fairly easy to install if you can convince a user to double
click a trojaned binary.

What is the goal of the pen test? Every test should have a goal of
some sort - whether it is take down services or gather sensitive
information doesn't really matter, but there should be a goal.

-Charlie

-----Original Message-----
From: peter.king [mailto:peter.king () ziplip com]
Sent: Monday, May 12, 2003 10:10 AM
To: pen-test () securityfocus com
Cc: peter.king () ziplip com
Subject: Pen-Testing Windows from Solaris




Hi

I have recently been given the task of Pen-Testing several
large Windows networks, running a variety of versions of windows.

Unfortunately the only platform I will have to conduct the
tests will be a Sparc Solaris 2.6 box. I will have command
line access only to this box.

I envisage the main problems with the boxes to be poor
passwords, open shares, IIS, and MS SQL.

Given these limits what command line tools would people
suggest as the best ones to use that will run under Solaris
2.6? I have my own ideas for several of them but would
appreciate any extra input.

Cheers,

Peter

--------------------------------------------------------------
-------------
Did you know that you have VNC running on your network?
Your hacker does.
Plug your security holes.
Download a free 15-day trial of VAM:
http://www.securityfocus.com/StillSecure-pen-test
--------------------------------------------------------------
--------------








______________________________________________________________________


The information contained in this communication is intended solely for
the use of the individual or entity to whom it is addressed and others
authorized to receive it. It may contain confidential or legally
privileged information.  If you are not the intended recipient you are
hereby notified that any disclosure, copying, distribution or taking
any action in reliance on the contents of this information is strictly
prohibited and may be unlawful.  If you have received this
communication in error, please notify us immediately by responding to
this email and then delete it from your system.  Ernst & Young is
neither liable for the proper and complete transmission of the
information contained in this communication nor for any delay in its
receipt.





