Peter,

Charles makes a lot of sense (in my humble opinion). What is the exact purpose of the test? It seems to me it is quite a limited scope and the scope is the mother of the assignment. :-)

But more to the point:

- In case you just have CL access but also physical access, prepare a nice customized boot-CD and let the magic loose (if allowed)
- Otherwise, if you have only remote CL access, you can try to install a redirector and just use the Solaris box as a link with your own box (again if allowed).
- There used to exist a windows/dos emulator for Sun (WABI). Do not know if it works on Solaris 2.6. You could have a look at it.

Hope it helps but I have the feeling that you are not granted this kind of freedom :'-)

Kind regards,

Herwig Thyssens
Ernst & Young TSRS (formerly ISAAS)
Technology and Security Risk Services
204 Avenue Marcel Thiry Laan, B-1200 Brussels, Belgium
Tel: +32-(0)2-774.63.08 - Fax: +32-(0)2-774.94.79
E-mail: herwig.thyssensat_private
Url: www.tsrs.be

"Ballowe, Charles" <CBalloweat_private m>
To: "'peter.king'" <peter.kingat_private>, pen-testat_private
cc:
Subject: RE: Pen-Testing Windows from Solaris
12/05/2003 20:08

Interesting challenge - hope the customer doesn't claim security of their MS network based on the success or failure to compromise it from a Solaris box.

Will you have root on the Sun? I suggest getting samba installed, mostly for the ability to browse shares etc. if you manage to find an unsecured share or a weak password. You may also want to search for tools to do NULL session enumeration against various boxen on the windows network. Of course, you'll want old favorites like nmap and a sniffer handy.

Are you allowed to social engineer (via e-mail or otherwise) a set of tools onto their systems? There are keygrabbers or even BO that can be fairly easy to install if you can convince a user to double click a trojaned binary.

What is the goal of the pen test? Every test should have a goal of some sort - whether it is to take down services or gather sensitive information doesn't really matter, but there should be a goal.

-Charlie

> -----Original Message-----
> From: peter.king [mailto:peter.kingat_private]
> Sent: Monday, May 12, 2003 10:10 AM
> To: pen-testat_private
> Cc: peter.kingat_private
> Subject: Pen-Testing Windows from Solaris
>
> Hi
>
> I have recently been given the task of Pen-Testing several
> large Windows networks, running a variety of versions of windows.
>
> Unfortunately the only platform I will have to conduct the
> tests will be a Sparc Solaris 2.6 box. I will have command
> line access only to this box.
>
> I envisage the main problems with the boxes to be poor
> passwords, open shares, IIS, and MS SQL.
>
> Given these limits what command line tools would people
> suggest as the best ones to use that will run under Solaris
> 2.6? I have my own ideas for several of them but would
> appreciate any extra input.
>
> Cheers,
>
> Peter
This archive was generated by hypermail 2b30 : Tue May 13 2003 - 09:38:11 PDT