Step 1: Home in on your target when hacking

So, based on your reconnaissance and enumeration phases -- or just your general knowledge of your own environment -- you have some Windows servers that look interesting and need to be tested. To go down the Windows server process and service hacking path, you've got to start somewhere. I recommend looking for null sessions via the IPC$ share that permit connections to your servers for gleaning user IDs, password policies and so on, as well as missing patches and other vulnerabilities in running processes and services that a remote attacker or malicious insider can use against you.
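Before testing for null sessions from the outside, it is worth knowing what the server itself allows. The following PowerShell audit is an added example, not code from the article or from Principle Logic: it reads the local registry values that govern anonymous access to IPC$ and flags the weak ones. The "absent value" defaults it assumes are the documented Windows defaults; confirm them for your own OS build.

```powershell
# Added example (not from the article): audit the local settings that decide
# whether null-session enumeration over IPC$ would succeed on this server.
# Run in an elevated PowerShell session on the server under review.

$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$server = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-RegValueOrDefault {
    param([string]$Path, [string]$Name, $Default)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $Default } else { return $item.$Name }
}

# Each check: registry location, value name, the value that counts as weak,
# and the assumed default when the value is absent (verify for your build).
$checks = @(
    @{ Path=$lsa;    Name='RestrictAnonymous';         Weak=0; Default=0;
       Why='0 allows anonymous enumeration of SAM accounts and shares' },
    @{ Path=$lsa;    Name='RestrictAnonymousSAM';      Weak=0; Default=1;
       Why='0 allows anonymous enumeration of SAM accounts' },
    @{ Path=$lsa;    Name='EveryoneIncludesAnonymous'; Weak=1; Default=0;
       Why='1 grants anonymous users every permission given to Everyone' },
    @{ Path=$server; Name='RestrictNullSessAccess';    Weak=0; Default=1;
       Why='0 lets null sessions reach shares and pipes not listed below' }
)

$findings = foreach ($c in $checks) {
    $actual = Get-RegValueOrDefault -Path $c.Path -Name $c.Name -Default $c.Default
    [pscustomobject]@{
        Setting = $c.Name
        Actual  = $actual
        Status  = if ($actual -eq $c.Weak) { 'WEAK' } else { 'OK' }
        Note    = $c.Why
    }
}
$findings | Format-Table -AutoSize

# Shares and named pipes explicitly opened to null sessions: anything listed
# here is reachable without credentials regardless of RestrictNullSessAccess.
'NullSessionShares', 'NullSessionPipes' | ForEach-Object {
    $list = Get-RegValueOrDefault -Path $server -Name $_ -Default @()
    '{0}: {1}' -f $_, $(if ($list) { $list -join ', ' } else { '<none>' })
}
```

A WEAK row, or a non-empty NullSessionShares/NullSessionPipes list, is what lets the enumeration described above succeed; the corresponding "Network access" Group Policy settings are the usual way to correct it across a domain.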

If you're not sure what purpose a particular Windows server is serving, you can run NetViewX, an executable tool in the public domain, as shown in Figure 1.


Figure 1

The services running are listed between the % signs. You can also search for specific server types, such as dial-in servers and domain controllers, using various command-line options. It's a neat tool that I highly recommend, and it'll help you better target your tests.

Remember that there are literally thousands of possible Windows hacks given all the different applications and services that could be running across all versions and patch revisions of your servers. The key is to go for your highest payoff tasks. What's going to give you (or a malicious attacker) the most bang for the buck? It might be a dial-in server or maybe a workstation -- it just depends. Again, use NetViewX if you're unsure what purposes your target systems are serving.

I also believe strongly that you'll never find all vulnerabilities every time you test. That's why it's important to test your systems on a consistent and ongoing basis. You cannot let up.


Hacking server processes and services

Home: Introduction
Step 1: Home in on your target
Step 2: Use good information and good tools to get rolling
Step 3: Drive your point home

ABOUT THE AUTHOR
Kevin Beaver, CISSP, is an information security consultant, expert witness, seminar leader and keynote speaker with Atlanta-based Principle Logic, LLC. Kevin can be reached at www.principlelogic.com.

This was first published in July 2006