Penetration Testing
mailing list archives
Re: [PEN-TEST] RAS PT
From: H Carvey <keydet89 () YAHOO COM>
Date: Fri, 6 Oct 2000 17:54:40 -0000

Starting w/ the Pen Test part of the question first...

Pen testing an NT box is both fun and easy. Check the base o/s for services...if port 139 is open, perform null session enumeration. This will give you a lot of information that you can use to plan your advance into the box itself...usernames, user last logon times, etc. You can even get the main Admin account, even if they've changed the name...and you can see what accounts are disabled, what groups the accounts are in, etc. You can also get the Domain Account Policy...which will tell you the account lockout threshold. From there, you can attempt brute force login attempts...start w/ blank, "password", the username, etc.

Then check for other services...web server, FTP, anything else. Also look for trojans, VNC, pcAnywhere, etc.

Securing an NT box:

1. Registry settings.
2. ACLs on files/dirs, Reg keys, shares, etc.
3. Disable all unused and unnecessary services. If you don't need file sharing, turn off the Server service.
4. Enable strong password functionality.
5. Enable auditing...in a way that makes sense for the box. Then set up a process for collecting, reviewing and archiving the EventLogs.
6. Only give accounts the level of access they need. If you have someone who is an Account Operator, audit User and Group Acct Management.

A lot, if not all of this...pen testing, exploiting, and securing...can be done via Perl. For an excellent example of this, go to the ForixNT site at http://www.forixnt.com. There are free tools available, as well. Check it out.
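
A defender-side check for the account policy items in the message above (lockout threshold, password strength), as an added example that is not part of the original post: it parses the text printed by `net accounts` and lists the settings that leave password guessing unthrottled. The sample output is constructed, and the baseline values and function names are assumptions of this example.

```python
import re

# Constructed sample of `net accounts` output (English locale, default policy).
SAMPLE = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          42
Minimum password length:                              0
Length of password history maintained:                None
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
Computer role:                                        WORKSTATION
The command completed successfully.
"""

# Assumed baseline for this example; take the real values from your own policy.
MIN_LENGTH = 8
MAX_LOCKOUT_THRESHOLD = 10

def parse_policy(text):
    """Map each 'label:   value' line to {label: value}; skip everything else."""
    policy = {}
    for line in text.splitlines():
        m = re.match(r"^(.*?):\s{2,}(\S.*)$", line)
        if m:
            policy[m.group(1).strip()] = m.group(2).strip()
    return policy

def as_int(value):
    """'Never' and 'None' mean the control is off; report that as None."""
    return int(value) if value.isdigit() else None

def audit(policy):
    """Return the names of settings that fail the baseline, in check order."""
    findings = []
    length = as_int(policy.get("Minimum password length", ""))
    if length is None or length < MIN_LENGTH:
        findings.append("Minimum password length")
    threshold = as_int(policy.get("Lockout threshold", ""))
    if threshold is None or threshold > MAX_LOCKOUT_THRESHOLD:
        findings.append("Lockout threshold")  # no lockout: guessing is unthrottled
    if as_int(policy.get("Length of password history maintained", "")) is None:
        findings.append("Length of password history maintained")
    return findings

if __name__ == "__main__":
    for name in audit(parse_policy(SAMPLE)):
        print("WEAK:", name)
```
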