RE: [ok] Windows 2003 HAck

From: Nunez, Yonesy F. (nunezy_at_conedsolutions.com)
Date: 09/09/04

  • Next message: Marius Huse Jacobsen: "Re: Craking Serv-u passwords stored in .ini file."
    To: Todd Towles <toddtowles@brookshires.com>, Curt Purdy <purdy@tecman.com>
    Date: Thu, 9 Sep 2004 08:46:49 -0400 
    
    

    It doesn't always find the service that is running on a particular port,
    specifically LDAP over SSL (636, 3269). I try to use it as an NMap verifier
    at times, but you shouldn't rely on its output all the time. Hope this
    helps.

    --
    Yonesy F. Nunez, CISSP, MCSE, Security+
    Technology Services
    ConEdisonSolutions
    Office: 914.286.7712
    NunezY@ConEdSolutions.com
    Failed to Plan ? ... Then Plan to Fail !!!
    -----Original Message-----
    From: Todd Towles [mailto:toddtowles@brookshires.com] 
    Sent: Wednesday, September 08, 2004 4:27 PM
    To: Curt Purdy
    Cc: pen-test@securityfocus.com
    Subject: RE: [ok] Windows 2003 HAck
    Anyone tested amap on a Windows 2003 box? I have it installed but never
    really tested it. Any Comments?
    Amap is a THC program - it maps applications to ports. 
    -----Original Message-----
    From: Curt Purdy [mailto:purdy@tecman.com] 
    Sent: Wednesday, September 08, 2004 1:39 AM
    To: dan57170@yahoo.com; pen-test@securityfocus.com
    Subject: RE: [ok] Windows 2003 HAck
    Daniel Regalado Arias wrote:
    > I can tell you that the server has Terminal-Services port open, and 
    > others like 80, 8080, 25, pop3(Mail Exchanger), 135 y 139 (nat).
    <snip>
    If they are dumb enough to be running TS on 3389, they likely have an
    easy
    Administrator password.  Why not just run a limited dictionary against
    administrator?
    Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
    Information Security Engineer
    DP Solutions
    ----------------------------------------
    If you spend more on coffee than on IT security, you will be hacked.
    What's more, you deserve to be hacked.
    -- former White House cybersecurity czar Richard Clarke
    ------------------------------------------------------------------------
    ------
    Ethical Hacking at the InfoSec Institute. All of our class sizes are
    guaranteed to be 12 students or less to facilitate one-on-one
    interaction
    with one of our expert instructors. Check out our Advanced Hacking
    course,
    learn to write exploits and attack security infrastructure. Attend a
    course
    taught by an expert instructor with years of in-the-field pen testing
    experience in our state of the art hacking lab. Master the skills of an
    Ethical Hacker to better assess the security of your organization.
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ------------------------------------------------------------------------
    -------
    ----------------------------------------------------------------------------
    --
    Ethical Hacking at the InfoSec Institute. All of our class sizes are
    guaranteed to be 12 students or less to facilitate one-on-one interaction
    with one of our expert instructors. Check out our Advanced Hacking course,
    learn to write exploits and attack security infrastructure. Attend a course
    taught by an expert instructor with years of in-the-field pen testing
    experience in our state of the art hacking lab. Master the skills of an
    Ethical Hacker to better assess the security of your organization.
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------
    ---
    ------------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. All of our class sizes are
    guaranteed to be 12 students or less to facilitate one-on-one interaction
    with one of our expert instructors. Check out our Advanced Hacking course,
    learn to write exploits and attack security infrastructure. Attend a course
    taught by an expert instructor with years of in-the-field pen testing
    experience in our state of the art hacking lab. Master the skills of an
    Ethical Hacker to better assess the security of your organization.
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    -------------------------------------------------------------------------------
    

  • Next message: Marius Huse Jacobsen: "Re: Craking Serv-u passwords stored in .ini file."

    Relevant Pages

    • RE: Réf. : snmp
      ... Ethical Hacking at the InfoSec Institute. ... with one of our expert instructors. ... learn to write exploits and attack security infrastructure. ...
      (Pen-Test)
    • Re: Wireless Scanning
      ... >> Ethical Hacking at the InfoSec Institute. ... >> with one of our expert instructors. ... Check out our Advanced Hacking ... >> learn to write exploits and attack security infrastructure. ...
      (Pen-Test)
    • RE: interesting wireless card and linux issue
      ... Ethical Hacking at the InfoSec Institute. ... with one of our expert instructors. ... learn to write exploits and attack security infrastructure. ...
      (Pen-Test)
    • RE: Web Application Tester
      ... Ethical Hacking at the InfoSec Institute. ... with one of our expert instructors. ... learn to write exploits and attack security infrastructure. ...
      (Pen-Test)
    • RE: Any caveats for linux under VMware, pen testing?
      ... Ethical Hacking at the InfoSec Institute. ... with one of our expert instructors. ... learn to write exploits and attack security infrastructure. ...
      (Pen-Test)