Hi,

This query was on a pen-test we had to conduct where we had access to the DMZ but needed to go really under the radar to get to the machines in the intranet. (A blue team was watching.)

Thanks to all those who replied. As a result, we were able to achieve our objective of capturing the source code files without raising alarms.

We did this by using nbtdump (and not enum, which has a very large footprint). This was carried out during normal working hours, when it would be usual for the Win machines to be exchanging such information. After that we used the net use commands for the rest.

The problematic part was pinpointing the machine which would have the source code (as I had stated earlier, there were 100+ machines on the intranet). One of the machines had its name as USERNAME-DEV. This was our clue (Dev = Development), and it gave us what we needed.

Since we only needed a few files to prove our point (the source code was the capture flag), we took them and left. We removed nbtdump, pwdump2, hk, etc. and the outputs of these, and cleared logs on the DMZ machines (where we had been most noisy).

We had a deadline for the project, which we would not have met had it not been for the inputs from this list.

Thanks again.

KKM

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Sat Sep 29 2001 - 10:33:44 PDT