Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

pentest with physical access
From: infolookup at gmail.com (infolookup at gmail.com)
Date: Fri, 3 Apr 2009 23:36:11 +0000

Visit SANS reading room, pauldotocm forums, irongeek's website, and yes remotexploit forum and irc grab a copy of 
BackTrack, and go crazy on the wiki.

My 0.02
Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: Vincent Lape <vlape at me.com>

Date: Fri, 03 Apr 2009 13:59:40 
To: PaulDotCom Security Weekly Mailing List<pauldotcom at mail.pauldotcom.com>
Cc: <pauldotcom at mail.pauldotcom.com>
Subject: Re: [Pauldotcom] pentest with physical access


Might want to take a visit over to forums.hak5.org and visit the noob section.

 
On Friday, April 03, 2009, at 12:41PM, "Milan ______" <milan2314 at hotmail.com> wrote:

First of all: apologizes for my bad english; it is not my native language.

I need some help with a pen-test, while I have physical access to the network.
As a security-enthusiast, my boss asked my to do a pen-test and show the vulnerabilities within their network.
Despite that I m not a pentester, I go for this challenge.
I know a little bit about this subject, and Im used to work with Linux (Ubuntu).
Can someone point me in the right direction?

I have physical access to the computers (normal user-account) with Windows XP SP2. 
The public computers have some restrictions (disabled cmd.exe, msconfig, taskmanager) but I can open a command shell 
with a portable version of cmd.exe on a pendrive. Also it was possible to run batch-files. And it is also possible to 
run a portable registry editor.

I gathered information with netstat, tasklist, net view, etc.
I should say that doing a pentest is much easier with this information en with physical access to their 
computers/network. But I need some help after I did some 'pentesting-things'

With nmap I scanned the ports at their public IP, but they are all closed/filtered.
The public computers within their network are behind a proxy, but the computers from the employees have a direct 
access to the internet (no proxy).
I gathered some usernames, and used Hydra with a large wordlist to Brute Force them. But not succeeded.Also tried to 
place a version of netcat on their systemdrive, but that was not possible because of restrictions.

What can I do more? I do not have experience with tools like metasploit, do I need to learn more about this subject? 
Please point me in the right direction.

Thanks in advance 
Milan
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]