Penetration Testing mailing list archives

Re: Pentest - ISA server


From: TAS <p0wnsauc3 () gmail com>
Date: Tue, 31 Aug 2010 06:31:14 +0530

Hi,

Having 50000 of the 65535 ports open is highly unlikely. To me, the
result has a high amount of false positives. To be really sure that the
ISA is exhibiting such a behavior, run nmap and Wireshark and see to
it that the response is indeed coming from the ISA proxy and not from
any other device that is sitting in between your system and the ISA
proxy.

Hope that helps.

Cheers
TAS

On 28 August 2010 22:26, Kurt M. John <kurt.md.john () gmail com> wrote:
Hey guys,

I have a question but I wanted to share this part with you first. I'm
doing a pentest for a client (scope includes several places including a
library) and it's been all types of fun actually. Yesterday I posed as a
library patron. I went through about 3 library computers that all had
BIOS passwords on them but I finally found one that didn't. So I
rebooted the computer that had no BIOS password to BackTrack (installed
on a USB key) and got the SAM file and quickly emailed it to myself. I
then copied netcat to the local drive. The plan was to reboot the
machine in Windows and attempt to run netcat as a listener, but library
staff began to get suspicious when they saw an operating system that
they didn't know, so I had to make a quick exit. I'll head back there on
Monday when things quiet down. I was able to crack the SAM file and get
the admin password so I'm good. ...figured I'd share that.

Now for my real question. They have some ISA servers that take care of
all outgoing and incoming traffic. I ran nmap on them and at least one
of them has over 50000 open ports. Subsequently, I ran fast-track and
had quite a few bind exploits, but the ISA server drops the connection.
Tried to run fast-track using reverse connections but no luck. I
essentially want to know: in your experience, do you see ISA servers
with that many ports open? Trying to figure out if that's a finding.

What do you guys think?

Kurt M. John, CISA, C|EH, CPT
http://www.applisoft.net
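One way to act on TAS's advice about checking where the replies really come from, as an added example that is not from either poster: the script below reads SYN/ACK replies from a capture (a constructed, simplified tcpdump-style sample with hypothetical addresses, not a real trace) and groups the "open" ports by the TTL and TCP window of the stack that answered. When one fingerprint accounts for nearly every port, a single device such as a proxy or firewall is completing the handshakes on the target's behalf, not thousands of real services.

```python
import re
from collections import defaultdict

# Constructed sample (not a real capture), in a simplified tcpdump -v style:
# SYN/ACK replies seen while a SYN sweep ran against a hypothetical 192.0.2.10.
SAMPLE = """\
IP (ttl 128, id 101, flags [DF]) 192.0.2.10.80 > 198.51.100.5.40001: Flags [S.], win 16384
IP (ttl 128, id 102, flags [DF]) 192.0.2.10.443 > 198.51.100.5.40002: Flags [S.], win 16384
IP (ttl 128, id 103, flags [DF]) 192.0.2.10.8080 > 198.51.100.5.40003: Flags [S.], win 16384
IP (ttl 128, id 104, flags [DF]) 192.0.2.10.31337 > 198.51.100.5.40004: Flags [S.], win 16384
IP (ttl 64, id 9001, flags [DF]) 192.0.2.10.22 > 198.51.100.5.40005: Flags [S.], win 29200
IP (ttl 128, id 105, flags [DF]) 192.0.2.10.23 > 198.51.100.5.40006: Flags [R.], win 0
"""

LINE_RE = re.compile(
    r"ttl (?P<ttl>\d+), id (?P<ipid>\d+).*?\) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > \S+: "
    r"Flags \[(?P<flags>[^\]]*)\].*?win (?P<win>\d+)"
)

def parse_synacks(text):
    """Return (port, ttl, win, ipid) for every SYN/ACK reply in the capture."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group("flags") == "S.":   # tcpdump prints SYN/ACK as [S.]
            out.append((int(m.group("sport")), int(m.group("ttl")),
                        int(m.group("win")), int(m.group("ipid"))))
    return out

def fingerprint_profiles(synacks):
    """Group the 'open' ports by the (ttl, window) of the stack that answered."""
    profiles = defaultdict(set)
    for port, ttl, win, _ in synacks:
        profiles[(ttl, win)].add(port)
    return dict(profiles)

def single_responder_share(synacks):
    """Fraction of 'open' ports answered by the single most common fingerprint.
    Close to 1.0 over a huge port list means one device (e.g. a proxy or
    firewall that completes every handshake) is answering, not many services."""
    profiles = fingerprint_profiles(synacks)
    if not profiles:
        return 0.0
    biggest = max(len(ports) for ports in profiles.values())
    return biggest / len(synacks)

if __name__ == "__main__":
    recs = parse_synacks(SAMPLE)
    for fp, ports in sorted(fingerprint_profiles(recs).items()):
        print(f"ttl={fp[0]} win={fp[1]}: ports {sorted(ports)}")
    print(f"share of open ports from one fingerprint: {single_responder_share(recs):.2f}")
```

In the sample, four of the five "open" ports share one fingerprint while port 22 answers from a different stack, which is the pattern to look for before reporting thousands of open ports as a finding.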

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------