Re: Solaris Beginner

[Robert Portvliet <robert.portvliet () gmail com>]

It all depends what services are running on the machine, you can
certainly access data on a Solaris machine from Windows using SMB,
FTP, Telnet, SSH ,etc.

I would suggest running a port scan of the machine & see what's open.

As far as cracking passwords, you can use John the Ripper, you're
going to need to copy  /etc/passwd & /etc/shadow into a directory, run
the unshadow utitlity from JTR against them and then you can load the
hashes into JTR.



On Mon, Jan 4, 2010 at 12:08 PM, pma111 <pmaneedham () hotmail com> wrote:
> Is it possible to access data from a Solaris Server on Windows XP machine? If
> so could you provide tools or strategies to accomplish this. I've heard of
> SAMBA but would prefer some detail on how this works, i.e a share on the
> Solaris box would have to be a SAMBA share would it not? Is it possible to
> access data on a solaris server from a windows machine in the same active
> directory domain, but without any specialist software?
>
> I have a copy of the /etc/shadow/ file from the Solaris Server which
> contains the encrypted passwords but I cannot find any Windows based
> crackers that will crack these passwords. I also dont know what client
> software would be required to access data on the Server from a Windows
> machine even if I do decrypt some weak passwords? Did see some mention of
> Putty but am unfamiliar with this or SAMBA. I also assume that any "open
> file shares" on the Solaris box wont be mappable or reachable to a windows
> machine, as is the case on win2k and windows 2003 servers, when all you need
> is my network places and hope some of the shares hav been given the deadly
> "everyone acl" in NTFS? I appreciate Solaris uses a totally different file
> system to NTFS but I assume you can share directories with anyone on the
> network if desired? Any tips on accessing data on this Server from Windows
> much appreciated.
>
> Out of interest, what are the mailing lists views on Security of a Solaris
> Server if every user on the internal network only have windows machines?
> Even if there is a weak password or open file share on the Solaris Server,
> without specialist software is it fair to say the windows users still
> wouldnt be able to get hold of data on the Server, or is that a very naive
> view on things?
> --
> View this message in context: http://old.nabble.com/Solaris-Beginner-tp27015916p27015916.html
> Sent from the Penetration Testing mailing list archive at Nabble.com.
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------