Penetration Testing mailing list archives
Re: win2k pentest - what can i do?
From: "John Tannahill" <jtannahi () netcom ca>
Date: Fri, 6 Jul 2001 12:12:59 -0400
I have successfully got Administrator privelages,
but only at a pseudo-dos-prompt... Is there anything i can do to get graphical abillities, since windows is basically useless without just graphics. Don't agree with this statement since there are plently of command-line based utilities that are useful: - other net commands (net use, start /stop services) - telnet (you can start the win2k telnet server) - ftp - tftp client to obtain programs of your choice from your machine - netcat To answer your question re gui access (it depends what you want to do): - Map network drive (c$, d$ etc) and use explorer - Use MMC Win2k Admin Tools - Use MMC IIS Admin (if web/ftp service is running) - Start win2k terminal server if service is installed - Use Frontpage 2000 for IIS admin - Remotely install VNC and run for full remote control - If Active Directory is available - use ldp.exe for enumeration - If pcanywhere or controlit are installed - obtain client, start service etc - If it is running on Compaq - try Compaq Insight Manager web interface - If SQL Server or Oracle is running - try respective clients First step would be to enunmerate services and go from there. But again, what is the objective???? To name but a few. Regards, J -------------------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- win2k pentest - what can i do? Matt Andreko (Jul 06)
- Re: win2k pentest - what can i do? Mike DeGraw-Bertsch (Jul 06)
- Re: win2k pentest - what can i do? Jonathan Rickman (Jul 06)
- Re: win2k pentest - what can i do? John Tannahill (Jul 06)
- Re: win2k pentest - what can i do? Ryan Permeh (Jul 06)
- Pen test vs Vulnerabilty Assessment (was Re: win2k pentest - what can i do?) Alex Butcher (Jul 11)
- <Possible follow-ups>
- RE: win2k pentest - what can i do? Jeff Seely (Jul 06)
- Re: win2k pentest - what can i do? Paul Rathborn (Jul 07)