Penetration Testing mailing list archives
Pen testing a very small network
From: "Sekurity Wizard" <s.wizard () boundariez com>
Date: Tue, 1 Mar 2005 11:23:31 -0500
Hey y'all, I'm doing a pen test for a very small client, and I've found basically that they're behind a very ghetto IDS which will forever auto-block you if you port-scan them, haha, that aside, I find all Microsoft Server 2003 based stuff. Here's a litany of what I've found, perhaps you can make some recommendations? - IIS/6.0 as the web server - MS VPN -pptp (tcp/1723) open - Ipswitch WS_FTPd 5.0.4 running with the "ssl vpn" option *only* - IMAP open - MS Exchange OWA running at http://xxx.xxx.xxx/exchange (using basic auth!) I guess I have some specifics - as far as questions go. I've got a linux box I can ssh to and pen test from (since they've blocked my regular Source IPs). Is there a linux-cmd line script that'll cycle through and attempt to brute-force a password for a username I already know? What about the Ipswitch WS_FTPd running? I know 5.0.3 is vulnerable to a bunch of stuff, but does anyone have any recommendations for 5.0.4? Anyway - thanks. Cheers. \\`izard
Current thread:
- Pen testing a very small network Sekurity Wizard (Mar 01)
- Re: Pen testing a very small network Mailinglisten (Mar 02)
- Re: Pen testing a very small network Josh Zlatin-Amishav (Mar 02)
- <Possible follow-ups>
- RE: Pen testing a very small network BĂ©noni MARTIN (Mar 02)