Re: penetration test in a Windows 2000/NT network

From: Michael Thumann (mlthumann_at_ids-guide.de)
Date: 05/14/03

    Date: Wed, 14 May 2003 18:17:20 +0100
    To: pen-test@securityfocus.com
    
    

    Cain & Abel 2.5 is able to sniff and crack NTLMv2 hashes.
    www.oxid.it

    cheers
    Michael

    At 14:29 14.05.03 +0100, heron heron wrote:
    >Hi,
    >
    >I will accomplish a penetration test in a Windows 2000/NT network shortly. A
    >goal is to get confidential information (files) and, if possible, to get
    >admin rights. I will be with my computers in the LAN. A computer for normal
    >use (thus no admin access) will likewise be put at my disposal.
    >
    >Is there a possibility on a Windows 2000 computer (physical access is
    >possible) to attain admin rights without overwriting the admin account?
    >Background: I would like to try to crack the password of the local admin
    >(e.g. by means of pwdump and John). There is the possibility that all admin
    >passwords (also for the domain) are alike.
    >
    >Is there a tool with which I can crack NTLMv2 hashes? Background: I will try
    >to sniff hashes during the registration at the DC (e.g. CAIN, ettercap) and
    >to crack them. Unfortunately, no tool for cracking NTLMv2 hashes is known to
    >me yet.
    >
    >A further possibility of getting at information would be the employment of an
    >SMB proxy. By ARP spoofing it would nevertheless be theoretically possible to
    >intercept the LM/NTLM(v1/v2) authentication. Then the attacker could announce
    >itself at the server instead. Does such a tool already exist?
    >
    >Who has suggestions? For tools, please always give the web URL (if possible,
    >that of the programmer).
    >
    >Greeting
    >Heron

    ----------------------------------------------------------------------------------------------------
    Michael Thumann mlthumann@ids-guide www.ids-guide.de
    Public Key available at http://www.ids-guide.de/MichaelThumann.asc
    ----------------------------------------------------------------------------------------------------
    The only secure computer is one that's unplugged, locked in a safe,
    and buried 20 feet under the ground in a secret location...and I'm not
    even too sure about that one
                                                    --Dennis Hughes, FBI.
