Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services

From: Tomasz Piotr Palarz <tpalar1 () uic edu>
Date: Thu, 9 Jun 2005 13:08:49 -0500 (CDT)

If somebody mentioned this and I missed it, sorry. Nmap has version
scanning that seems to work pretty well, at least for the box running
sendmail and apache that I tried it on. Don't know about mssql, though.

http://www.insecure.org/nmap/versionscan.html

Just 2c from and "aspiring" security professional.

--
Tomasz Piotr Palarz
Computer Science Undergraduate
University of Illinois at Chicago

On Tue, 7 Jun 2005, Hugo Vinicius Garcia Razera wrote:


Hi every one, I'm doing a pen test on a client, and have found that he
have a windows 2003 server box on one segment of his public addresses
this is his dns/web/mail server:

- mssql :1433
- terminal services :3389
- iis 6 :80
- smtp :25
- pop3 :110
- dns : 53
- ftp : filtered

ports opened, i logged on the terminal services port whit the winxp
remote desktop utility and it connects perfectly.

i tried a dictionari atack on mssql server whit the "sa" account and
others user names i collected.
 Hydra from THC was the tool, but no succes on this atack.
also tried the tsgrinder for terminal services , but no success.


well here come some questions:

- What others Usernames should i try for sql and terminal services?
  i tried whit "sa" for sql and "Administrator" for TS

- Any one knows how could i identify what version of sql server is running.
- What other services of this host can be exploited?

any comments, ideas, suggestions would be greatly appreciated.

Hugo Vinicius Garcia Razera
Previous By Date Next
Previous By Thread Next

Current thread: