PaulDotCom mailing list archives
pentest with physical access
From: milan2314 at hotmail.com (Milan ______)
Date: Fri, 3 Apr 2009 18:41:28 +0200
First of all: apologizes for my bad english; it is not my native language. I need some help with a pen-test, while I have physical access to the network. As a security-enthusiast, my boss asked my to do a pen-test and show the vulnerabilities within their network. Despite that I m not a pentester, I go for this challenge. I know a little bit about this subject, and Im used to work with Linux (Ubuntu). Can someone point me in the right direction? I have physical access to the computers (normal user-account) with Windows XP SP2. The public computers have some restrictions (disabled cmd.exe, msconfig, taskmanager) but I can open a command shell with a portable version of cmd.exe on a pendrive. Also it was possible to run batch-files. And it is also possible to run a portable registry editor. I gathered information with netstat, tasklist, net view, etc. I should say that doing a pentest is much easier with this information en with physical access to their computers/network. But I need some help after I did some 'pentesting-things' With nmap I scanned the ports at their public IP, but they are all closed/filtered. The public computers within their network are behind a proxy, but the computers from the employees have a direct access to the internet (no proxy). I gathered some usernames, and used Hydra with a large wordlist to Brute Force them. But not succeeded.Also tried to place a version of netcat on their systemdrive, but that was not possible because of restrictions. What can I do more? I do not have experience with tools like metasploit, do I need to learn more about this subject? Please point me in the right direction. Thanks in advance Milan _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090403/f8246e5e/attachment.htm
Current thread:
- pentest with physical access Milan ______ (Apr 03)
- pentest with physical access Vincent Lape (Apr 03)
- pentest with physical access infolookup at gmail.com (Apr 03)
- pentest with physical access Vincent Lape (Apr 03)