Penetration Testing mailing list archives

RE: Pentest - ISA server


From: "Christopher M" <m () md3v com>
Date: Tue, 31 Aug 2010 13:14:03 +0700

I've witnessed this sort of behavior when an Untangle box (www.untangle.com)
was in place in front of ISA acting as a unified threat management bridge.
It acts as a catch-all for inbound traffic.

Christopher.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Ravipriya Thushara
Sent: Sunday, August 29, 2010 11:09 PM
To: Boyd, Chad
Cc: Kurt M. John; <pen-test () securityfocus com>
Subject: Re: Pentest - ISA server

I too think there is an IPS at the network boundary other than an ISA
server. That's why it drops connections in both directions (IPS
inspects both inbound and outbound traffic). I'm interested in what
have over 50000 open ports. I have no idea about it and why is it
doing so.

On 8/29/10, Boyd, Chad <CBoyd () madden com> wrote:
From your description, it sounds like they have more than just ISA. I'd say
that they also might have an IPS in place.

Try scanning a Checkpoint 7.0+ system with the IPS blade running, and you're
likely to see similar things.



On Aug 28, 2010, at 6:52 PM, "Kurt M. John" <kurt.md.john () gmail com> wrote:

Hey guys,

I have a question but I wanted to share this part with you first. I'm
doing a pentest for a client (scope includes several places including a
library) and it's been all types of fun actually. Yesterday I posed as a
library patron. I went through about 3 library computers that all had
BIOS passwords on them but I finally found one that didn't. So I
rebooted the computer that had no BIOS password to BackTrack (installed
on a USB key) and got the SAM file and quickly emailed it to myself. I
then copied netcat to the local drive. The plan was to reboot the
machine in Windows and attempt to run netcat as a listener but library
staff began to get suspicious when they saw an operating system that
they didn't know so I had to make a quick exit. I'll head back there on
Monday when things quiet down. I was able to crack the SAM file and get
the admin password so I'm good. ...figured I'd share that.

Now for my real question. They have some ISA servers that take care of
all outgoing and incoming traffic. I ran nmap on them and at least one
of them has over 50000 open ports. Subsequently, I ran fast-track and
had quite a few bind exploits but the ISA server drops the connection.
Tried to run fast-track using reverse connections but no luck. I
essentially want to know: in your experiences, do you see ISA servers
with that many ports open? Trying to figure out if that's a finding.

What do you guys think?

Kurt M. John, CISA, C|EH, CPT
http://www.applisoft.net





------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require a
full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

