Penetration Testing mailing list archives
Re: Pentest - ISA server
From: Paul Melson <pmelson () gmail com>
Date: Sat, 28 Aug 2010 21:33:33 -0400
On Sat, Aug 28, 2010 at 12:56 PM, Kurt M. John <kurt.md.john () gmail com> wrote:
> Now for my real question. They have some ISA servers that take care of all outgoing and incoming traffic. I ran nmap on them and at least one of them has over 50000 open ports. Subsequently, I ran fast-track and had quite a few bind exploits but the ISA server drops the connection. Tried to run fast-track using reverse connections but no luck. I essentially want to know: in your experiences, do you see ISA servers with that many ports open? Trying to figure out if that's a finding.
ISA Server is a proxy firewall, so TCP port scanning (3-way or SYN) will result in lots of false positives like what you're seeing.

Libraries in the US are required to comply with CIPA, so the ISA Server's primary purpose is most likely to filter adult web content. It may also support remote access to the library's network, so rather than trying to phone home from a compromised workstation (that is probably turned off at close and rebooted multiple times a day), you may try using PPTP or L2TP to connect to it from the Internet with the password you've already found. If it doesn't support VPN client connections, then it's a lousy target anyway. Keep moving.

The far more interesting stuff is the library catalog system and the point of sale system. Hard to say which one would be more devastating to them if you pwned it, but coming up with library members' book loan history or credit card information will raise more eyebrows than pwning the porn filter.

Good luck!

PaulM

PS - I highly recommend Tom Shinder's books and web site as a resource for more information on Microsoft ISA Server. http://www.isaserver.org/