PaulDotCom mailing list archives

pentest with physical access
From: infolookup at gmail.com (infolookup at gmail.com)
Date: Fri, 3 Apr 2009 23:36:11 +0000

Visit the SANS reading room, the pauldotcom forums, irongeek's website, and yes, the remotexploit forum and IRC. Grab a copy of 
BackTrack, and go crazy on the wiki.

My 0.02

-----Original Message-----
From: Vincent Lape <vlape at me.com>

Date: Fri, 03 Apr 2009 13:59:40 
To: PaulDotCom Security Weekly Mailing List<pauldotcom at mail.pauldotcom.com>
Cc: <pauldotcom at mail.pauldotcom.com>
Subject: Re: [Pauldotcom] pentest with physical access

Might want to take a visit over to forums.hak5.org and visit the noob section.

On Friday, April 03, 2009, at 12:41PM, "Milan ______" <milan2314 at hotmail.com> wrote:

First of all: apologies for my bad English; it is not my native language.

I need some help with a pen-test, while I have physical access to the network.
As a security enthusiast, my boss asked me to do a pen-test and show the vulnerabilities within their network.
Despite the fact that I'm not a pentester, I am going for this challenge.
I know a little bit about this subject, and I'm used to working with Linux (Ubuntu).
Can someone point me in the right direction?

I have physical access to the computers (normal user-account) with Windows XP SP2. 
The public computers have some restrictions (disabled cmd.exe, msconfig, Task Manager) but I can open a command shell 
with a portable version of cmd.exe on a pendrive. It was also possible to run batch files, and it is also possible to 
run a portable registry editor.

I gathered information with netstat, tasklist, net view, etc.
I should say that doing a pentest is much easier with this information and with physical access to their 
computers/network. But I need some help after I did some 'pentesting-things'.

With nmap I scanned the ports at their public IP, but they are all closed/filtered.
The public computers within their network are behind a proxy, but the computers from the employees have a direct 
access to the internet (no proxy).
I gathered some usernames, and used Hydra with a large wordlist to brute-force them, but did not succeed. I also tried to 
place a version of netcat on their system drive, but that was not possible because of restrictions.

What more can I do? I do not have experience with tools like metasploit; do I need to learn more about this subject? 
Please point me in the right direction.

Thanks in advance 