Re: win2k pentest - what can i do?

From: Ryan Permeh (ryanat_private)
Date: Fri Jul 06 2001 - 09:17:48 PDT

Next message: Franklin DeMatto: "fingerprinting a windows ftpd"

Previous message: MIKE DONOFRIO: "Fwd: Re: spoofing 255.255.255.255 techniques"
In reply to: Matt Andreko: "win2k pentest - what can i do?"
Next in thread: Alex Butcher: "Pen test vs Vulnerabilty Assessment (was Re: win2k pentest - what can i do?)"
Next in thread: Paul Rathborn: "Re: win2k pentest - what can i do?"
Reply: Alex Butcher: "Pen test vs Vulnerabilty Assessment (was Re: win2k pentest - what can i do?)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

everyting that is possible from the graphical swhell is possible from the
command prompt using the proper utilities, what exactly is it that you wish
to do(or more properly: "Where do you want to go today" :)?

as a side, it occurs to me to ask the following of this group:

what level of pentration do you perform in an average test?  do you
penetrate completely?  use this to leverage access across a network? what
"trophy" do you use to prove access?  How do you spell out your level of
penetration to your customers?  do they understand the difference between
"vulnerability assesment" and penetration analysis?

just curious how everyone else chooses to do this....
Signed,
Ryan Permeh
eEye Digital Security Team
http://www.eEye.com/Retina -Network Security Scanner
http://www.eEye.com/Iris -Network Traffic Analyzer

----- Original Message -----
From: "Matt Andreko" <mandrekoat_private>
To: <pen-testat_private>
Sent: Friday, July 06, 2001 6:53 AM
Subject: win2k pentest - what can i do?


> I normally do not do pen tests on the win2k operating system.  However I
am
> doing one at the moment.  I have successfully got Administrator
privelages,
> but only at a pseudo-dos-prompt...  Is there anything i can do to get
> graphical abillities, since windows is basically useless without just
> graphics.  I have used the "net user" command to create a new user, and
> added it to the Administrators group, but I do not have physical access to
> this machine.
>
> Any help would be appreciated.
>
> --
> Matt Andreko
> On-Ramp Indiana
> (317)774-2100
>
>
> --------------------------------------------------------------------------
------------
>
> This list is provided by the SecurityFocus Security Intelligence Alert
(SIA) Service
> For more information on SecurityFocus' SIA service which automatically
alerts you to
> the latest security vulnerabilities please see:
>
> https://alerts.securityfocus.com/
>
>


--------------------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to 
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/

Next message: Franklin DeMatto: "fingerprinting a windows ftpd"
Previous message: MIKE DONOFRIO: "Fwd: Re: spoofing 255.255.255.255 techniques"
In reply to: Matt Andreko: "win2k pentest - what can i do?"
Next in thread: Alex Butcher: "Pen test vs Vulnerabilty Assessment (was Re: win2k pentest - what can i do?)"
Next in thread: Paul Rathborn: "Re: win2k pentest - what can i do?"
Reply: Alex Butcher: "Pen test vs Vulnerabilty Assessment (was Re: win2k pentest - what can i do?)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jul 06 2001 - 13:18:23 PDT