|
Penetration Testing
mailing list archives
RE: penetration test in a Windows 2000/NT network
From: "Ballowe, Charles" <CBallowe () usg com>
Date: Wed, 14 May 2003 16:11:27 -0500
This sounds like a test from within the company. As it seems that
you will have physical access to facilities etc, would it be possible
for you to install something like a hardware key logger on a network
administrators workstation?
If someone has physical access to the LAN, I don't see why they couldn't
place devices on peoples systems. It may violate the rules for this
particular pen-test, but is something to think about. I see that you've
specified that physical access to Win2k systems is possible, and are
interested in not modifying the administrator account -- hardware keyloggers
seem like an ideal solution.
What about wireless sniffers? Does the target use any wireless networking
at their facility?
-----Original Message-----
From: heron heron [mailto:h.heron () firemail de]
Sent: Wednesday, May 14, 2003 8:30 AM
To: pen-test () securityfocus com
Subject: penetration test in a Windows 2000/NT network
Hi,
I will accomplish a penetration test in a Windows 2000/NT
network shortly. A
goal is to get confidential information (files) and if
possible get admin
rights. I will be with my computers in the LAN. A computer
for normal uses (thus
no Admin access) is likewise put to me at the disposal.
Is there a possibility on a Windows 2000 computers (physical
access is possible)
to attain admin rights without to overwrite the admin
account. Background: I
would like try to crack the password of the local admin (e.g.
by means of pwdump
and John). There ist the possibility that all admin passwords
(also for the
domain) is alike.
Is there a tool, with which I can crack NTLMv2 hashes.
Background: I will try to
sniff hashes during the registration at the DC (e.g. CAIN,
ettercap) and to
crack them. Unfortunately me is still no tool known in order
to crack NTLMv2
hashes.
A further possibility at to come to information, would be the
employment of a
SMB Proxy. By ARP Spoofing it would be nevertheless
theoretically possible to
intercept the LM/NTLM(v1/v2) authentication . Then the
attacker could itself
instead announce at the server. Does it give there already
such a Tool?
Who has suggestions? For Tools please give always in the Web
URL (if possible of
the programmer).
Greeting
Heron
__________________________________________________________________
Arcor-DSL Flatrate - jetzt kostenlos einsteigen und bis zu
76,18 Euro sparen!
Arcor-DSL gibt es jetzt auch mit bis zu 1500 Mbit/s
Downstream!
http://www.angebot.arcor.net/cgi-bin/angebot.cgi?key=b13e92247022
---------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies
that are enforced to protect WLANs from known vulnerabilities and threats.
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.
To get your FREE white paper visit us at:
http://www.securityfocus.com/AirDefense-pen-test
----------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
- RE: penetration test in a Windows 2000/NT network, (continued)
|
Intro
