RE: [ok] Windows 2003 HAck

["Nunez, Yonesy F." <nunezy () conedsolutions com>]

It doesn't always find the service that is running on a particular port,
specifically LDAP over SSL (636, 3269).  I try to use it as an NMap verifier
at times, but you shouldn't rely on its output all the time.  Hope this
helps.

--
Yonesy F. Nunez, CISSP, MCSE, Security+
Technology Services
ConEdisonSolutions
Office: 914.286.7712
NunezY () ConEdSolutions com
Failed to Plan ? ... Then Plan to Fail !!!

-----Original Message-----
From: Todd Towles [mailto:toddtowles () brookshires com] 
Sent: Wednesday, September 08, 2004 4:27 PM
To: Curt Purdy
Cc: pen-test () securityfocus com
Subject: RE: [ok] Windows 2003 HAck

Anyone tested amap on a Windows 2003 box? I have it installed but never
really tested it. Any Comments?

Amap is a THC program - it maps applications to ports. 

-----Original Message-----
From: Curt Purdy [mailto:purdy () tecman com] 
Sent: Wednesday, September 08, 2004 1:39 AM
To: dan57170 () yahoo com; pen-test () securityfocus com
Subject: RE: [ok] Windows 2003 HAck

Daniel Regalado Arias wrote:
> I can tell you that the server has Terminal-Services port open, and 
> others like 80, 8080, 25, pop3(Mail Exchanger), 135 y 139 (nat).
<snip>

If they are dumb enough to be running TS on 3389, they likely have an
easy
Administrator password.  Why not just run a limited dictionary against
administrator?

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke


------------------------------------------------------------------------
------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one
interaction
with one of our expert instructors. Check out our Advanced Hacking
course,
learn to write exploits and attack security infrastructure. Attend a
course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
-------


----------------------------------------------------------------------------
--
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
---

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------