Penetration Testing mailing list archives

Re: Solaris Beginner

From: Alexander Klimov <alserkli () inbox ru>
Date: Tue, 5 Jan 2010 13:16:43 +0200

On Mon, 4 Jan 2010, pma111 wrote:

Is it possible to access data from a Solaris Server on Windows XP machine?


Unless it was designed to interoperate with Windows, most likely it
uses NFS. See Wikipedia for <Network_File_System_(protocol)>

If so could you provide tools or strategies to accomplish this.


There are tools to access NFS from Windows.

I've heard of SAMBA but would prefer some detail on how this works,
i.e a share on the Solaris box would have to be a SAMBA share would
it not?


If the Solaris box was configured to support "Windows shares" then
most likely it uses SAMBA.

Is it possible to access data on a solaris server from a windows
machine in the same active directory domain, but without any
specialist software?


Some software is always needed :-) If the server cooperates with you,
you can use, say, ftp or http.

Don't sure what you mean by Solaris box be in "the same active
directory domain". In Solaris world it may relate to
<Kerberos_(protocol)>.

I have a copy of the /etc/shadow/ file from the Solaris Server which
contains the encrypted passwords but I cannot find any Windows based
crackers that will crack these passwords.


<John_the_ripper> works on Windows, but it is not used if the system
uses Kerberos for authentication.

I also dont know what client software would be required to access
data on the Server from a Windows machine even if I do decrypt some
weak passwords?


telnet or ssh

Did see some mention of Putty but am unfamiliar with this or SAMBA.


Putty is a ssh client for Windows. SAMBA run on *NIX -- you do not
need it.

I also assume that any "open file shares" on the Solaris box wont be
mappable or reachable to a windows machine, as is the case on win2k
and windows 2003 servers, when all you need is my network places and
hope some of the shares hav been given the deadly "everyone acl" in
NTFS?


Solaris does not use NTFS. Again, read about NFS.

Out of interest, what are the mailing lists views on Security of a Solaris
Server if every user on the internal network only have windows machines?


Security of a system does not depend on what OS is (ordinarily) run on
other hosts. In theory almost any attack can be programmed for
Windows, in reality it is easier to load a LiveCD with Linux or use
VirtualBox.

Even if there is a weak password or open file share on the Solaris
Server, without specialist software is it fair to say the windows
users still wouldnt be able to get hold of data on the Server, or is
that a very naive view on things?


Naive.

-- 
Regards,
ASK

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

Solaris Beginner pma111 (Jan 05)
- Re: Solaris Beginner Alexander Klimov (Jan 06)
- Re: Solaris Beginner Chris Brenton (Jan 06)
- Re: Solaris Beginner Alex Moen (Jan 06)
- Re: Solaris Beginner David Howe (Jan 06)
  - Re: Solaris Beginner R. DuFresne (Jan 11)
- Re: Solaris Beginner Robert Portvliet (Jan 06)
- Re: Solaris Beginner Davegu1 (Jan 06)
- Re: Solaris Beginner Todd Haverkos (Jan 06)
- <Possible follow-ups>
- Re: Solaris Beginner lukasz (Jan 06)