Penetration Testing mailing list archives
Re: Solaris Beginner
From: Robert Portvliet <robert.portvliet () gmail com>
Date: Tue, 5 Jan 2010 08:50:15 -0500
It all depends what services are running on the machine, you can certainly access data on a Solaris machine from Windows using SMB, FTP, Telnet, SSH ,etc. I would suggest running a port scan of the machine & see what's open. As far as cracking passwords, you can use John the Ripper, you're going to need to copy /etc/passwd & /etc/shadow into a directory, run the unshadow utitlity from JTR against them and then you can load the hashes into JTR. On Mon, Jan 4, 2010 at 12:08 PM, pma111 <pmaneedham () hotmail com> wrote:
Is it possible to access data from a Solaris Server on Windows XP machine? If so could you provide tools or strategies to accomplish this. I've heard of SAMBA but would prefer some detail on how this works, i.e a share on the Solaris box would have to be a SAMBA share would it not? Is it possible to access data on a solaris server from a windows machine in the same active directory domain, but without any specialist software? I have a copy of the /etc/shadow/ file from the Solaris Server which contains the encrypted passwords but I cannot find any Windows based crackers that will crack these passwords. I also dont know what client software would be required to access data on the Server from a Windows machine even if I do decrypt some weak passwords? Did see some mention of Putty but am unfamiliar with this or SAMBA. I also assume that any "open file shares" on the Solaris box wont be mappable or reachable to a windows machine, as is the case on win2k and windows 2003 servers, when all you need is my network places and hope some of the shares hav been given the deadly "everyone acl" in NTFS? I appreciate Solaris uses a totally different file system to NTFS but I assume you can share directories with anyone on the network if desired? Any tips on accessing data on this Server from Windows much appreciated. Out of interest, what are the mailing lists views on Security of a Solaris Server if every user on the internal network only have windows machines? Even if there is a weak password or open file share on the Solaris Server, without specialist software is it fair to say the windows users still wouldnt be able to get hold of data on the Server, or is that a very naive view on things? -- View this message in context: http://old.nabble.com/Solaris-Beginner-tp27015916p27015916.html Sent from the Penetration Testing mailing list archive at Nabble.com. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Solaris Beginner pma111 (Jan 05)
- Re: Solaris Beginner Alexander Klimov (Jan 06)
- Re: Solaris Beginner Chris Brenton (Jan 06)
- Re: Solaris Beginner Alex Moen (Jan 06)
- Re: Solaris Beginner David Howe (Jan 06)
- Re: Solaris Beginner R. DuFresne (Jan 11)
- Re: Solaris Beginner Robert Portvliet (Jan 06)
- Re: Solaris Beginner Davegu1 (Jan 06)
- Re: Solaris Beginner Todd Haverkos (Jan 06)
- <Possible follow-ups>
- Re: Solaris Beginner lukasz (Jan 06)