Step-by-Step Guide

Step 1: Hone in on your target when hacking

So, based on your reconnaissance and enumeration phases -- or just your general knowledge of your own environment -- you have some Windows servers that look interesting and need to be tested. In order to go down the Windows server process and service hacking path, you've got to start somewhere. I recommend looking for null sessions via the IPC$ share that permit connections to your servers for gleaning user IDs, passwords policies, etc. as well as missing patches and other vulnerabilities in running processes and services that a remote attacker or malicious insider can use against you.

If you're not sure what purpose a particular Windows server is serving, you can run

    Requires Free Membership to View

NetViewX, an executable tool in the public domain, as shown in Figure 1.


Figure 1

The services running are listed between the % signs. You can also search for specific server types such as dial-in, domain controller and others using various command-line options. It's a neat tool -- that I highly recommend -- that'll help you better target your tests.

Remember that there are literally thousands of possible Windows hacks given all the different applications and services that could be running across all versions and patch revisions of your servers. The key is to go for your highest payoff tasks. What's going to give you (or a malicious attacker) the most bang for the buck? It might be a dial-in server or maybe a workstation -- it just depends. Again, use NetViewX if you're unsure what purposes your target systems are serving.

I also believe strongly that you'll never find all vulnerabilities every time you test. That's why it's important to test your systems on a consistent and ongoing basis. You cannot let up.


Hacking server processes and services

 Home: Introduction
 Step 1: Home in on your target
 Step 2:  Use good information and good tools to get rolling
 Step 3:  Drive your point home

ABOUT THE AUTHOR
Kevin Beaver (CISSP), is an information security consultant, expert witness, as well as a seminar leader and keynote speaker with Atlanta-based Principle Logic, LLC. Kevin can be reached at www.principlelogic.com.

This was first published in July 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: