Penetration Testing mailing list archives

Windows Internationalization?


From: Jon Kibler <Jon.Kibler () aset com>
Date: Wed, 18 Nov 2009 16:00:35 -0500

Hi,

I have been approached about doing a pen test job that would involve a target
organization whose native character set is not ASCII. So, I have a few questions
and would appreciate some pointers to help me decide if I really want this
assignment.

Questions that immediately come to mind are:
1) On a Windows system that uses a non-ASCII character set (Chinese, Arabic,
Russian, etc.), how does that affect Windows?
   -- Are registry key names still ASCII? Key values still ASCII?
   -- Are Windows directories still ASCII?
   -- Are Windows file names still ASCII? English language file names?
   -- Are there any differences in how internationalization works between
Windows versions, such as W2K3 and XP/Vista?
   -- Are standard user names such as "administrator" and "guest" still ASCII,
or have they been internationalized, too?
   -- Are file extensions (.exe .bat .ini, etc.) still ASCII or have they been
internationalized?
   -- Are INI file contents ASCII or internationalized?
   -- Any changes to the SAM file? (Will pwdump still work against it?)
I guess the bottom line is, what gets changed and what is left in ASCII on an
internationalized Windows box?

2) Are there any tools that have been customized for use with non-ASCII
character sets, such as non-ASCII nikto databases?

3) What are the issues that I should be aware of when pen testing an
internationalized target? I would be working with a native speaker of the
language who is a sys admin, but not a security expert. (Unfortunately, I would
not get to speak to them until after I agree to the assignment!)

Most of the stuff I find when googling the subject gives links to old pages that
really do not give much specific information.

Thoughts, comments, suggestions?

Thanks in advance for any/all help!

Jon
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-813-2924
s: 843-564-4224
s: JonRKibler
e: Jon.Kibler () aset com
e: Jon.R.Kibler () gmail com
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253







