RE: [ok] Windows 2003 HAck

From: Nunez, Yonesy F. (nunezy_at_conedsolutions.com)
Date: 09/09/04

  • Next message: Marius Huse Jacobsen: "Re: Craking Serv-u passwords stored in .ini file."
    To: Todd Towles <toddtowles@brookshires.com>, Curt Purdy <purdy@tecman.com>
    Date: Thu, 9 Sep 2004 08:46:49 -0400 
    
    

    It doesn't always find the service that is running on a particular port,
    specifically LDAP over SSL (636, 3269). I try to use it as an NMap verifier
    at times, but you shouldn't rely on its output all the time. Hope this
    helps.

    --
    Yonesy F. Nunez, CISSP, MCSE, Security+
    Technology Services
    ConEdisonSolutions
    Office: 914.286.7712
    NunezY@ConEdSolutions.com
    Failed to Plan ? ... Then Plan to Fail !!!
    -----Original Message-----
    From: Todd Towles [mailto:toddtowles@brookshires.com] 
    Sent: Wednesday, September 08, 2004 4:27 PM
    To: Curt Purdy
    Cc: pen-test@securityfocus.com
    Subject: RE: [ok] Windows 2003 HAck
    Anyone tested amap on a Windows 2003 box? I have it installed but never
    really tested it. Any Comments?
    Amap is a THC program - it maps applications to ports. 
    -----Original Message-----
    From: Curt Purdy [mailto:purdy@tecman.com] 
    Sent: Wednesday, September 08, 2004 1:39 AM
    To: dan57170@yahoo.com; pen-test@securityfocus.com
    Subject: RE: [ok] Windows 2003 HAck
    Daniel Regalado Arias wrote:
    > I can tell you that the server has Terminal-Services port open, and 
    > others like 80, 8080, 25, pop3(Mail Exchanger), 135 y 139 (nat).
    <snip>
    If they are dumb enough to be running TS on 3389, they likely have an
    easy
    Administrator password.  Why not just run a limited dictionary against
    administrator?
    Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
    Information Security Engineer
    DP Solutions
    ----------------------------------------
    If you spend more on coffee than on IT security, you will be hacked.
    What's more, you deserve to be hacked.
    -- former White House cybersecurity czar Richard Clarke
    ------------------------------------------------------------------------
    ------
    Ethical Hacking at the InfoSec Institute. All of our class sizes are
    guaranteed to be 12 students or less to facilitate one-on-one
    interaction
    with one of our expert instructors. Check out our Advanced Hacking
    course,
    learn to write exploits and attack security infrastructure. Attend a
    course
    taught by an expert instructor with years of in-the-field pen testing
    experience in our state of the art hacking lab. Master the skills of an
    Ethical Hacker to better assess the security of your organization.
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ------------------------------------------------------------------------
    -------
    ----------------------------------------------------------------------------
    --
    Ethical Hacking at the InfoSec Institute. All of our class sizes are
    guaranteed to be 12 students or less to facilitate one-on-one interaction
    with one of our expert instructors. Check out our Advanced Hacking course,
    learn to write exploits and attack security infrastructure. Attend a course
    taught by an expert instructor with years of in-the-field pen testing
    experience in our state of the art hacking lab. Master the skills of an
    Ethical Hacker to better assess the security of your organization.
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------
    ---
    ------------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. All of our class sizes are
    guaranteed to be 12 students or less to facilitate one-on-one interaction
    with one of our expert instructors. Check out our Advanced Hacking course,
    learn to write exploits and attack security infrastructure. Attend a course
    taught by an expert instructor with years of in-the-field pen testing
    experience in our state of the art hacking lab. Master the skills of an
    Ethical Hacker to better assess the security of your organization.
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    -------------------------------------------------------------------------------
    

  • Next message: Marius Huse Jacobsen: "Re: Craking Serv-u passwords stored in .ini file."