penetration test in a Windows 2000/NT network

From: heron heron (h.heron_at_firemail.de)
Date: 05/14/03

    To: pen-test@securityfocus.com
    Date: Wed, 14 May 2003 14:29:31 +0100
    
    
    

    Hi,

    I will shortly be carrying out a penetration test in a Windows 2000/NT network.
    One goal is to get confidential information (files) and, if possible, to get
    admin rights. I will be in the LAN with my computers. A computer for normal use
    (thus no admin access) will likewise be put at my disposal.

    Is there a possibility on a Windows 2000 computer (physical access is possible)
    to attain admin rights without overwriting the admin account? Background: I
    would like to try to crack the password of the local admin (e.g. by means of
    pwdump and John). There is the possibility that all admin passwords (also for
    the domain) are alike.

    Is there a tool with which I can crack NTLMv2 hashes? Background: I will try to
    sniff hashes during the registration at the DC (e.g. CAIN, ettercap) and to
    crack them. Unfortunately, I do not yet know of any tool to crack NTLMv2
    hashes.

    A further possibility for getting at information would be the use of an
    SMB proxy. By ARP spoofing it would nevertheless be theoretically possible to
    intercept the LM/NTLM(v1/v2) authentication. The attacker could then log on to
    the server himself instead. Does such a tool already exist?

    Who has suggestions? For tools, please always give the Web URL (if possible,
    that of the programmer).

    Greeting
    Heron


