>1. Remote VNC install - GUI session on target machine

This is always good.

>2. BO2K or Subseven

Good way to go.

>3. Port redirection with fpipe - a firewall is not always enough

May be too technical.

>4. Remote shell with netcat

Not a bad way to work, though far too many VPs, and a lot of admins, aren't overly impressed when you go to "the dark place" (i.e., the command prompt).

>5. Null session - information gathering with no rights

This one is my favorite, especially if it can be used to then break into the system. My "null.pl" script pulls enough information from a system to make any admin or technically-savvy VP sit up and take notice.

Try this...null session enumeration, then brute force one of the user accounts to gain access. Or, get in at a lower privilege level via some other means...IIS, for example. Once you're in, copy over your kit...be sure to include the appropriate tools for privilege escalation. Rename nc.exe to inetinfo.exe, and bind it to port 80 (if something isn't already bound there). Put your GUI tools in place and go about establishing a variety of footholds and backdoors. If you work it out ahead of time and script it, it'll be even more impressive.

Carv

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
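As an added example from the defender's side (not code from the original post or its author), here is a check for the masquerade described above: a listener calling itself inetinfo.exe but running from outside the IIS directory, or a remote-shell tool listening under its own name. The listing format, the expected IIS install path and the sample rows are assumptions constructed for the example.

```python
"""Flag listeners that look like a renamed tool posing as IIS's inetinfo.exe.

Input is a constructed listing of listening processes (pid, image name, port,
image path), roughly the shape a port-to-process mapping tool reports.
"""
import ntpath

# Constructed sample: one genuine IIS listener, one impostor with the IIS name
# but a non-standard path, one benign service, and one tool under its own name.
SAMPLE_LISTING = """\
pid  process       port  path
1234 inetinfo.exe  80    C:\\WINNT\\system32\\inetsrv\\inetinfo.exe
2048 inetinfo.exe  80    C:\\temp\\kit\\inetinfo.exe
2310 svchost.exe   135   C:\\WINNT\\system32\\svchost.exe
2411 nc.exe        4444  C:\\temp\\kit\\nc.exe
"""

# Where the real IIS binary lives (assumption: default NT4/2000 layout).
EXPECTED_PATHS = {"inetinfo.exe": r"c:\winnt\system32\inetsrv\inetinfo.exe"}
# Tool names mentioned in the thread that should never be listening on a server.
KNOWN_TOOL_NAMES = {"nc.exe", "fpipe.exe"}


def parse_listing(text):
    """Return (pid, process, port, path) tuples, skipping the header line."""
    rows = []
    for line in text.splitlines()[1:]:
        if not line.strip():
            continue
        pid, proc, port, path = line.split(None, 3)
        rows.append((int(pid), proc.lower(), int(port), path.strip()))
    return rows


def suspicious_listeners(rows):
    """Return (pid, reason) pairs for listeners that deserve a closer look."""
    findings = []
    for pid, proc, port, path in rows:
        expected = EXPECTED_PATHS.get(proc)
        if expected and path.lower() != expected:
            # Same image name as IIS, but not the IIS binary.
            findings.append((pid, f"{proc} on port {port} runs from unexpected path {path}"))
        elif ntpath.basename(path).lower() in KNOWN_TOOL_NAMES:
            findings.append((pid, f"known remote-shell tool {proc} listening on port {port}"))
    return findings


if __name__ == "__main__":
    for pid, reason in suspicious_listeners(parse_listing(SAMPLE_LISTING)):
        print(pid, reason)
```

A real check would also compare the binary's hash against a known-good copy, since a path alone can be faked by overwriting the genuine file.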
This archive was generated by hypermail 2b30 : Tue Oct 02 2001 - 11:35:37 PDT