Penetration Testing mailing list archives
pen-test on a windows 2003 server box whit MS-SQL and Terminal Services
From: Hugo Vinicius Garcia Razera <hviniciusg () gmail com>
Date: Tue, 7 Jun 2005 19:00:58 -0400
Hi every one, I'm doing a pen test on a client, and have found that he have a windows 2003 server box on one segment of his public addresses this is his dns/web/mail server: - mssql :1433 - terminal services :3389 - iis 6 :80 - smtp :25 - pop3 :110 - dns : 53 - ftp : filtered ports opened, i logged on the terminal services port whit the winxp remote desktop utility and it connects perfectly. i tried a dictionari atack on mssql server whit the "sa" account and others user names i collected. Hydra from THC was the tool, but no succes on this atack. also tried the tsgrinder for terminal services , but no success. well here come some questions: - What others Usernames should i try for sql and terminal services? i tried whit "sa" for sql and "Administrator" for TS - Any one knows how could i identify what version of sql server is running. - What other services of this host can be exploited? any comments, ideas, suggestions would be greatly appreciated. Hugo Vinicius Garcia Razera
Current thread:
- pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Hugo Vinicius Garcia Razera (Jun 07)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Kevin Reiter (Jun 07)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Aaron Oh (Jun 07)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Chip Andrews (Jun 07)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Andres Riancho (Jun 07)
- Injecting commands into a mainframe through a servlet Frederic Charpentier (Jun 08)
- RE: Injecting commands into a mainframe through a servlet Jason Muskat (Jun 08)
- RE: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Leandro Reox (Jun 09)
- Injecting commands into a mainframe through a servlet Frederic Charpentier (Jun 08)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Tomasz Piotr Palarz (Jun 09)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Hugo Vinicius Garcia Razera (Jun 10)
(Thread continues...)