Penetration Testing mailing list archives

Re: Pentest - ISA server


From: "Boyd, Chad" <CBoyd () madden com>
Date: Sun, 29 Aug 2010 00:07:56 +0000

From your description, it sounds like they have more than just ISA. I'd say that they also might have an IPS in place.

Try scanning a Checkpoint 7.0+ system with the IPS blade running, and you're likely to see similar things.



On Aug 28, 2010, at 6:52 PM, "Kurt M. John" <kurt.md.john () gmail com> wrote:

Hey guys,

I have a question but I wanted to share this part with you first. I'm
doing a pentest for a client (scope includes several places including a
library) and it's been all types of fun actually. Yesterday I posed as a
library patron. I went through about 3 library computers that all had
BIOS passwords on them but I finally found one that didn't. So I
rebooted the computer that had no BIOS password to BackTrack (installed
on a USB key) and got the SAM file and quickly emailed it to myself. I
then copied netcat to the local drive. The plan was to reboot the
machine in Windows and attempt to run netcat as a listener but library
staff began to get suspicious when they saw an operating system that
they didn't know so I had to make a quick exit. I'll head back there on
Monday when things quiet down. I was able to crack the SAM file and get
the admin password so I'm good. ...figured I'd share that.

Now for my real question. They have some ISA servers that take care of
all outgoing and incoming traffic. I ran nmap on them and at least one
of them has over 50000 open ports. Subsequently, I ran fast-track and
had quite a few bind exploits but the ISA server drops the connection.
Tried to run fast-track using reverse connections but no luck. I
essentially want to know: in your experience, do you see ISA servers
with that many ports open? Trying to figure out if that's a finding.

What do you guys think?

Kurt M. John, CISA, C|EH, CPT
http://www.applisoft.net





------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------

