Penetration Testing mailing list archives
Re: Solaris Beginner
From: Chris Brenton <cbrenton () chrisbrenton org>
Date: Tue, 05 Jan 2010 06:23:41 -0500
On Mon, 2010-01-04 at 09:08 -0800, pma111 wrote:
Is it possible to access data from a Solaris Server on Windows XP machine?
Absolutely. You have a number of possibilities, SAMBA and Solaris SMB probably being the best choices. See section 9.14 here for setup info: http://www.sun.drydog.com/faq/9.html As for dealing with authentication, see here: http://wikis.sun.com/display/SecureGlobalDesktop/HOWTO+Use+Active +Directory+as+a+Solaris+Authentication+Source
If so could you provide tools or strategies to accomplish this. I've heard of SAMBA but would prefer some detail on how this works, i.e a share on the Solaris box would have to be a SAMBA share would it not?
Correct.
Is it possible to access data on a solaris server from a windows machine in the same active directory domain, but without any specialist software?
Not really. The systems default to different communication protocols. You have to load something that will permit them to speak a common protocol.
I have a copy of the /etc/shadow/ file from the Solaris Server which contains the encrypted passwords but I cannot find any Windows based crackers that will crack these passwords.
First, what hash method are you using? I have not mucked with Solaris in a while, but the last I checked it still defaulted to the insecure crypt() hash, which limits passwords to 8 characters. MD5 and Blowfish are also options, but you have to enable them. Check your /etc/security/crypt.conf file to be sure. As for crackers, if you are using Crypt or MD5 pretty much anything will work (John the Ripper, Cain & Able, Crack, etc. etc. etc. etc.). Just out of curiosity, you did unshadow the file before trying to crack it, correct? If not that would give you trouble as well.
I also dont know what client software would be required to access data on the Server from a Windows machine even if I do decrypt some weak passwords?
With a proper setup you should not need to crack any passwords. Just sync the Solaris box to AD as described in the link I gave you above.
Did see some mention of Putty but am unfamiliar with this or SAMBA.
Putty is a Telnet/SSH client. You can use it to access either service if it is running on the Solaris box.
I also assume that any "open file shares" on the Solaris box wont be mappable or reachable to a windows machine, as is the case on win2k and windows 2003 servers, when all you need is my network places and hope some of the shares hav been given the deadly "everyone acl" in NTFS?
If the shares are setup properly, they should be mappable. A good SAMBA setup looks like a regular Windows server to the typical end user.
I appreciate Solaris uses a totally different file system to NTFS but I assume you can share directories with anyone on the network if desired? Any tips on accessing data on this Server from Windows much appreciated.
SAMBA (or Solaris SMB) will let you define the level of access you want to permit. Again, the links above will give you more info.
Out of interest, what are the mailing lists views on Security of a Solaris Server if every user on the internal network only have windows machines?
The Windows systems are beside the point. The security of the Solaris system will depend on who locked it down and how good of a job they did. With that said, my experience has been that when you find a single UNIX type system on a network, it was typically setup by the Windows Admin who may not be 100% clueful when it comes to UNIX type security.
Even if there is a weak password or open file share on the Solaris Server, without specialist software is it fair to say the windows users still wouldnt be able to get hold of data on the Server, or is that a very naive view on things?
I'm reminded of Adrian Lamo, who came to fame from being able to break into just about anything using nothing more than a public access Web browsers. ;-) If the person knows what they are doing, the platform mix is a non-issue. You can go quite far with Netcat and some skills. HTH, C -- www.chrisbrenton.org ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Solaris Beginner pma111 (Jan 05)
- Re: Solaris Beginner Alexander Klimov (Jan 06)
- Re: Solaris Beginner Chris Brenton (Jan 06)
- Re: Solaris Beginner Alex Moen (Jan 06)
- Re: Solaris Beginner David Howe (Jan 06)
- Re: Solaris Beginner R. DuFresne (Jan 11)
- Re: Solaris Beginner Robert Portvliet (Jan 06)
- Re: Solaris Beginner Davegu1 (Jan 06)
- Re: Solaris Beginner Todd Haverkos (Jan 06)
- <Possible follow-ups>
- Re: Solaris Beginner lukasz (Jan 06)