Penetration Testing mailing list archives

Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services

From: Kevin Reiter <tux () penguinnetwerx net>
Date: Tue, 07 Jun 2005 19:31:04 -0400

Hugo Vinicius Garcia Razera wrote:

Hi every one, I'm doing a pen test on a client, and have found that he
have a windows 2003 server box on one segment of his public addresses
this is his dns/web/mail server:

- mssql :1433
- terminal services :3389
- iis 6 :80
- smtp :25
- pop3 :110
- dns : 53
- ftp : filtered


<snip>

Why is MSSQL even open to the outside? Are they (your client) aware ofthis?


Just curious...

Current thread:

pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Hugo Vinicius Garcia Razera (Jun 07)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Kevin Reiter (Jun 07)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Aaron Oh (Jun 07)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Chip Andrews (Jun 07)
  - RE: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Sash (Jun 08)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Andres Riancho (Jun 07)
  - Injecting commands into a mainframe through a servlet Frederic Charpentier (Jun 08)
    - RE: Injecting commands into a mainframe through a servlet Jason Muskat (Jun 08)
  - RE: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Leandro Reox (Jun 09)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Tomasz Piotr Palarz (Jun 09)
  - Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Hugo Vinicius Garcia Razera (Jun 10)
- <Possible follow-ups>
- RE: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Geoff Varosky (Jun 07)

(Thread continues...)