Re: [Full-disclosure] OT: Looking for hacker who can do anOutlookExpress extension library

From: Valdis.Kletnieks@xxxxxx
Date: Sun, 30 Jul 2006 17:20:14 -0400

On Sun, 30 Jul 2006 22:28:17 +0200, Pablo Roberto Garcia said:

I am doing a pen-test on window Machines 2003 server, I have already
detected at least 5 services running. 80I-IS 6.0 135-RPC,3389-Ts, ProFTP,
SMTP, VNC...etc.

It is running as File server and have different share folders.

I'd like if someone knows tool to try to exploit the vulnerabilities.

I am using Nessus for Debian Machine and as well Window Machine.

Could you give me anyone any ideas or tricks ?

If it's a proper pen test, you should have enough info already to determine
if the machine has improper trust relationships set up. If you don't know
what that means, you shouldn't be doing a pen test, and if you don't have
the info, you should be talking to the people that are paying you.

And if you're not on a proper pen test, note that we know where you are,
even if you're trying to hide behind a GMail account. :)

Attachment: pgpfFmEp2ybFE.pgp
Description: PGP signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- RE: [Full-disclosure] OT: Looking for hacker who can do an OutlookExpress extension library
  - From: y0himba
- Re: [Full-disclosure] OT: Looking for hacker who can do anOutlookExpress extension library
  - From: Aaron Gray
- Re: [Full-disclosure] OT: Looking for hacker who can do anOutlookExpress extension library
  - From: Pablo Roberto Garcia

Prev by Date: Re: [Full-disclosure] OT: Looking for hacker who can do anOutlookExpress extension library
Next by Date: [Full-disclosure] Yahoo security consultant shrugs off Yahoo Finance defacement
Previous by thread: Re: [Full-disclosure] OT: Looking for hacker who can do anOutlookExpress extension library
Next by thread: [Full-disclosure] Ajax Chat Multiple Vulnerabilities
Index(es):
- Date
- Thread

Relevant Pages

Re: Cross testing exploit with vulnerability scan results
... vulnerabilities that a vulnerability scanner identifies. ... You need to know and trust your vulnerability scanner to do what you ... But a pen test is not about finding negatives: ... anything from a vulnerability scan (but no followup penetration attempts) ...
(Pen-Test)
Re: What a security test should do?- from thinking about: Ethical Hacking Training
... > What does a pen test fail to provide? ... > what someone needs to know to be a security manager, CISO, or security ... vuln assessments take ... does not exploit found vulnerabilities. ...
(Pen-Test)
RE: best Win2K based compact Pen Test tool set.?
... I think there is a Linux CDROM with NESSUS on it. ... best Win2K based compact Pen Test tool set.? ... three boxes I cary with me a nessus server, a win2K client with SSH to ...
(Pen-Test)
RE: Why Penetration Test?
... all possible vulnerabilities. ... will attempt a Pen Test. ... did a good job applying fixes or if the weakness is in the IT dept ...
(Pen-Test)
Re: VoIP
... Nessus says its Cisco IOS. ... Can someone suggest the next logical step for doing the pen test on this server? ...
(Security-Basics)