RE: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services

["Geoff Varosky" <GVarosky () grace-hunt com>]

Depending on the setup of the MSSQL server, try the DYNSA account

UN: DYNSA
PW: access 


Regards,
Geoff Varosky
 
Grace-Hunt Information Technology
1250 Hancock St., Suite 501S
Quincy, MA 02169
Cell:  781.439.4519
Office:  617.328.7100
Fax:  888.498.8548
IT Group:  206.600.GHIT
Web:  http://www.grace-hunt.com

-----Original Message-----
From: Hugo Vinicius Garcia Razera [mailto:hviniciusg () gmail com] 
Sent: Tuesday, June 07, 2005 7:01 PM
To: pen-test () securityfocus com
Subject: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services

Hi every one, I'm doing a pen test on a client, and have found that he have a windows 2003 server box on one segment of 
his public addresses this is his dns/web/mail server:

- mssql :1433
- terminal services :3389
- iis 6 :80
- smtp :25
- pop3 :110
- dns : 53
- ftp : filtered

ports opened, i logged on the terminal services port whit the winxp remote desktop utility and it connects perfectly.

i tried a dictionari atack on mssql server whit the "sa" account and others user names i collected.
 Hydra from THC was the tool, but no succes on this atack.
also tried the tsgrinder for terminal services , but no success.


well here come some questions:

- What others Usernames should i try for sql and terminal services?
  i tried whit "sa" for sql and "Administrator" for TS

- Any one knows how could i identify what version of sql server is running.
- What other services of this host can be exploited?

any comments, ideas, suggestions would be greatly appreciated.

Hugo Vinicius Garcia Razera

--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.6.5 - Release Date: 6/7/2005
 

-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.6.5 - Release Date: 6/7/2005