First of all: apologies for my bad English; it is not my native language.
I need some help with a pen-test, while I have physical access to the network.
As a security-enthusiast, my boss asked me to do a pen-test and show the
vulnerabilities within their network.
Even though I'm not a pentester, I am going for this challenge.
I know a little bit about this subject, and I'm used to working with Linux (Ubuntu).
Can someone point me in the right direction?
I have physical access to the computers (normal user-account) with Windows XP
SP2.
The public computers have some restrictions (disabled cmd.exe, msconfig,
taskmanager) but I can open a command shell with a portable version of cmd.exe
on a pendrive. Also it was possible to run batch-files. And it is also possible
to run a portable registry editor.
I gathered information with netstat, tasklist, net view, etc.
I should say that doing a pentest is much easier with this information and with
physical access to their computers/network. But I need some help after I did
some 'pentesting-things'.
With nmap I scanned the ports at their public IP, but they are all
closed/filtered.
The public computers within their network are behind a proxy, but the computers
from the employees have a direct access to the internet (no proxy).
I gathered some usernames, and used Hydra with a large wordlist to brute-force
them, but did not succeed. I also tried to place a version of netcat on their
system drive, but that was not possible because of restrictions.
What more can I do? I do not have experience with tools like Metasploit, do I
need to learn more about this subject? Please point me in the right direction.
Thanks in advance
Milan
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com