
Step 1: Home in on your target

18 Jul 2006


So, based on your reconnaissance and enumeration phases -- or just your general knowledge of your own environment -- you have some Windows servers that look interesting and need to be tested. In order to go down the Windows server process and service hacking path, you've got to start somewhere. I recommend looking for null sessions via the IPC$ share, which permit connections to your servers for gleaning user IDs, password policies, etc., as well as for missing patches and other vulnerabilities in running processes and services that a remote attacker or malicious insider can use against you.
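A defender-side check for the null session exposure described above, as an added example that is not part of the original article. It assumes you have saved the text output of `reg query` for the `Control\Lsa` and `LanmanServer\Parameters` keys from each server; the sample output, function names and expected values below are constructed for illustration.

```python
import re

# Values that restrict anonymous (null session) access, with the hardened setting.
EXPECTED_DWORD = {
    "RestrictAnonymous": 1,          # no anonymous enumeration of accounts/shares
    "RestrictAnonymousSAM": 1,       # no anonymous enumeration of SAM accounts
    "EveryoneIncludesAnonymous": 0,  # Anonymous is not part of Everyone
    "RestrictNullSessAccess": 1,     # null sessions limited to listed pipes/shares
}
EXPECTED_EMPTY = ("NullSessionShares", "NullSessionPipes")
LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s*(.*)$")

# Constructed sample of `reg query` output for one server (not from the page).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    RestrictAnonymous    REG_DWORD    0x0
    RestrictAnonymousSAM    REG_DWORD    0x1
    EveryoneIncludesAnonymous    REG_DWORD    0x0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    NullSessionShares    REG_MULTI_SZ    COMCFG\0DFS$
    NullSessionPipes    REG_MULTI_SZ
"""

def parse_reg_query(text):
    """Parse `reg query` text output into {value_name: int or list of str}."""
    values = {}
    for m in filter(None, map(LINE.match, text.splitlines())):
        name, kind, data = m.group(1), m.group(2), m.group(3).strip()
        if kind == "REG_DWORD":
            values[name] = int(data, 16)
        elif kind == "REG_MULTI_SZ":
            values[name] = [s for s in data.split("\\0") if s]  # \0 separates entries
    return values

def audit_null_session(text):
    """Return sorted findings for one server's exported settings."""
    values, findings = parse_reg_query(text), []
    for name, want in EXPECTED_DWORD.items():
        have = values.get(name)
        if have is None:
            findings.append(f"{name}: not set, OS default applies")
        elif have != want and not (name == "RestrictAnonymous" and have > want):
            findings.append(f"{name}: is {have}, expected {want}")
    for name in EXPECTED_EMPTY:
        if values.get(name):
            findings.append(f"{name}: allows {', '.join(values[name])}")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_null_session(SAMPLE)))
```

Some server roles legitimately list pipes or shares in the `NullSession*` values, so treat those findings as items to review rather than automatic failures.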

If you're not sure what purpose a particular Windows server is serving, you can run NetViewX, an executable tool in the public domain, as shown in Figure 1.


Figure 1

The services running are listed between the % signs. You can also search for specific server types such as dial-in, domain controller and others using various command-line options. It's a neat tool that I highly recommend, and it'll help you better target your tests.

Remember that there are literally thousands of possible Windows hacks given all the different applications and services that could be running across all versions and patch revisions of your servers. The key is to go for your highest payoff tasks. What's going to give you (or a malicious attacker) the most bang for the buck? It might be a dial-in server or maybe a workstation -- it just depends. Again, use NetViewX if you're unsure what purposes your target systems are serving.

I also believe strongly that you'll never find all vulnerabilities every time you test. That's why it's important to test your systems on a consistent and ongoing basis. You cannot let up.


Hacking server processes and services

 Home: Introduction
 Step 1: Home in on your target
 Step 2: Use good information and good tools to get rolling
 Step 3: Drive your point home

ABOUT THE AUTHOR:
Kevin Beaver is an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has written six books including Hacking For Dummies (Wiley), Hacking Wireless Networks For Dummies, and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver@principlelogic.com.
Copyright 2005 TechTarget

