Penetration Testing mailing list archives

Re: [PEN-TEST] Hypothetical Wargaming


From: Danny DS Stieler <d.stieler () lycos com>
Date: Sat, 7 Oct 2000 15:06:55 -0700

err. hypothetical.. yeah right :).

Anyway, you might want to check out the common "exploits" archives, such as hack.co.za (temp down), securityfocus.com or packetstorm.securify.com, once you have identified the operating systems and the services. You might wanna check out microsoft.com and cert.org for more info. A great admin scanner is ISS (iss.net), it leaves really _bad_ logs, so it's not for illegal use :)

Go get them!

--

On Sat, 7 Oct 2000 11:52:36 H Carvey wrote:
Assume you're given a pen test.  All you have is a
domain name.  A couple of quick checks tell you
that the systems in question are Win32 machines.

Your goal is to "tag" a file.  No DoS allowed.

IIS, Exchange, and MS DNS are being used.

What steps do you take?  At each step, what do you
hope to gain, and what programs/scripts/techniques
do you use (give program name, and command line
switches/GUI options)?

At each step, assume both NT and Win2K.


