Penetration Testing mailing list archives

Re: Solaris Beginner


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Wed, 6 Jan 2010 20:23:04 -0500 (EST)

Long before anyone guides this person in hacking a Solaris system, advice on Unix systems would be the best route; perhaps recommend something like Unix in a Nutshell for starters. And perhaps loading up a system with Linux to get an understanding of the difference between Windows and a Unix-ish setting.


Thanks,

Ron DuFresne


On Wed, 6 Jan 2010, David Howe wrote:

pma111 wrote:
Is it possible to access data from a Solaris Server on Windows XP machine? If
so could you provide tools or strategies to accomplish this. I've heard of
SAMBA but would prefer some detail on how this works, i.e. a share on the
Solaris box would have to be a SAMBA share would it not? Is it possible to
access data on a solaris server from a windows machine in the same active
directory domain, but without any specialist software?

Sure. Protocols supported by default on Solaris would be sftp (scp) and
nfs. There are tools to mount nfs shares on XP machines, plus of course
there are tools like winscp, filezilla etc. to access ssh based file
transfer methods.

Solaris can have ftp, and often does; any web browser can access that
obviously. SAMBA running on Solaris will offer Windows style "shares"
but isn't available by default (you would need to install that yourself).

I have a copy of the /etc/shadow/ file from the Solaris Server which
contains the encrypted passwords but I cannot find any Windows based
crackers that will crack these passwords.

I think you need some sort of "hacking unix 101" which is a bit detailed
to try and relay here. The canonical tool for brute force attempts
against /etc/shadow is "john the ripper". This is usually a unix/linux
tool (given what you are attacking, that's expected) but there are win32
builds.

I also don't know what client
software would be required to access data on the Server from a Windows
machine even if I do decrypt some weak passwords? Did see some mention of
Putty but am unfamiliar with this or SAMBA. I also assume that any "open
file shares" on the Solaris box won't be mappable or reachable to a Windows
machine, as is the case on win2k and Windows 2003 servers, when all you need
is My Network Places and hope some of the shares have been given the deadly
"everyone acl" in NTFS? I appreciate Solaris uses a totally different file
system to NTFS but I assume you can share directories with anyone on the
network if desired? Any tips on accessing data on this Server from Windows
much appreciated.

I think you are probably better starting off with a basic "how linux
works" book and a spare machine booting from a live cd distro; not only
then can you become familiar with the access tools and processes, but
there are a number of packages useful for pentesting *only* available
for unix/linux, which you should familiarize yourself with.

Out of interest, what are the mailing list's views on Security of a Solaris
Server if every user on the internal network only has Windows machines?
Even if there is a weak password or open file share on the Solaris Server,
without specialist software is it fair to say the Windows users still
wouldn't be able to get hold of data on the Server, or is that a very naive
view on things?

Very naive - putty is small enough to fit on a floppy and requires no
installation or administration rights to run.


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

These things happened. They were glorious and they changed the world...,
and then we fucked up the endgame.    --Charlie Wilson
