RE: penetration test in a Windows 2000/NT network

From: Matthew Wagenknecht (Matthew.Wagenknechtat_private)
Date: Sat May 17 2003 - 06:06:56 PDT

Next message: Bugsy: "Pen testing a CVS server"

Previous message: NetExpress: "bsdbsdftpd-6.0-ssl-0.6.1-1 attack allows remote users identification"
Maybe in reply to: heron heron: "penetration test in a Windows 2000/NT network"
Next in thread: Anders Thulin: "Re: penetration test in a Windows 2000/NT network"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

LHFTools.com has two tools that may prove useful as well; winlhf and sqllhf.

Winlhf is a windows account brute force tool. SQLLHF is a SQL account brute
force tool.. They are rather fast and work well. They can look for the easy
stuff -  the "low hanging fruit"  - while you are directing your attacks
elsewhere..

..:: Matt ::.. 
 
Bother!, said Pooh as his network froze..
-----------
varified gramaticly correckt using EverRight Spellchecher v1.0


-----Original Message-----
From: heron heron [mailto:h.heronat_private] 
Sent: Wednesday, May 14, 2003 7:30 AM
To: pen-testat_private
Subject: penetration test in a Windows 2000/NT network


Hi, 

I will accomplish a penetration test in a Windows 2000/NT network shortly. A
goal is to get  confidential information (files) and if possible get admin
rights. I will be with my computers in the LAN. A computer for normal uses
(thus no Admin access) is likewise put to me at the disposal. 

Is there a possibility on a Windows 2000 computers (physical access is
possible) to attain admin rights without to overwrite the admin account.
Background: I would like try to crack the password of the local admin (e.g.
by means of pwdump and John). There ist the possibility that all admin
passwords (also for the
domain) is alike. 

Is there a tool, with which I can crack NTLMv2 hashes. Background: I will
try to sniff hashes during the registration at the DC (e.g. CAIN, ettercap)
and to crack them. Unfortunately me is still no tool known in order to crack
NTLMv2 hashes. 

A further possibility at to come to information, would be the employment of
a SMB Proxy. By ARP Spoofing it would be nevertheless theoretically possible
to intercept the LM/NTLM(v1/v2) authentication . Then the attacker could
itself instead announce at the server. Does it give there already such a
Tool? 

Who has suggestions? For Tools please give always in the Web URL (if
possible of the programmer). 

Greeting
Heron

__________________________________________________________________
Arcor-DSL Flatrate - jetzt kostenlos einsteigen und bis zu 76,18 Euro
sparen! Arcor-DSL gibt es jetzt auch mit bis zu 1500 Mbit/s Downstream!
http://www.angebot.arcor.net/cgi-bin/angebot.cgi?key=b13e92247022



---------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies 
that are enforced to protect WLANs from known vulnerabilities and threats. 
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

To get your FREE white paper visit us at:    
http://www.securityfocus.com/AirDefense-pen-test
----------------------------------------------------------------------------

Next message: Bugsy: "Pen testing a CVS server"
Previous message: NetExpress: "bsdbsdftpd-6.0-ssl-0.6.1-1 attack allows remote users identification"
Maybe in reply to: heron heron: "penetration test in a Windows 2000/NT network"
Next in thread: Anders Thulin: "Re: penetration test in a Windows 2000/NT network"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun May 18 2003 - 10:52:17 PDT