Step 1: Hone in on your target when hacking

The multitude of processes and services on your servers are ripe for exploitation. This step-by-step guide from vulnerability testing expert Kevin Beaver provides specific steps for testing the security of your servers' configurations.

So, based on your reconnaissance and enumeration phases -- or just your general knowledge of your own environment -- you have some Windows servers that look interesting and need to be tested. In order to go down the Windows server process and service hacking path, you've got to start somewhere. I recommend looking for null sessions via the IPC$ share that permit connections to your servers for gleaning user IDs, passwords policies,...

etc. as well as missing patches and other vulnerabilities in running processes and services that a remote attacker or malicious insider can use against you.

If you're not sure what purpose a particular Windows server is serving, you can run NetViewX, an executable tool in the public domain, as shown in Figure 1.


Figure 1

The services running are listed between the % signs. You can also search for specific server types such as dial-in, domain controller and others using various command-line options. It's a neat tool -- that I highly recommend -- that'll help you better target your tests.

Remember that there are literally thousands of possible Windows hacks given all the different applications and services that could be running across all versions and patch revisions of your servers. The key is to go for your highest payoff tasks. What's going to give you (or a malicious attacker) the most bang for the buck? It might be a dial-in server or maybe a workstation -- it just depends. Again, use NetViewX if you're unsure what purposes your target systems are serving.

I also believe strongly that you'll never find all vulnerabilities every time you test. That's why it's important to test your systems on a consistent and ongoing basis. You cannot let up.


Hacking server processes and services

 Home: Introduction
 Step 1: Home in on your target
 Step 2:  Use good information and good tools to get rolling
 Step 3:  Drive your point home

ABOUT THE AUTHOR
Kevin Beaver (CISSP), is an information security consultant, expert witness, as well as a seminar leader and keynote speaker with Atlanta-based Principle Logic, LLC. Kevin can be reached at www.principlelogic.com.

This was first published in July 2006

Dig deeper on Microsoft Windows Server Management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close