| To: | pen-test@securityfocus.com |
|---|---|
| Subject: | Re: windows 2003 server |
| From: | Nicolas RUFF <nicolas.ruff@gmail.com> |
| Date: | Sun, 11 Mar 2007 10:44:41 +0100 |
| Cc: | Chris Parker <chris_parker@adelphia.net> |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | pentest-list2@consult.net |
| Delivered-to: | mailing list pen-test@securityfocus.com |
| Delivered-to: | moderator for pen-test@securityfocus.com |
| Dkim-signature: | a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:x-enigmail-version:content-type:content-transfer-encoding; b=knJgSgqVN9cXeXwCJ7FWyKsIYtosta1XpfYeWoi/pOnSe6k5yOXPNZ6qoEGBB7veAtflbuWOcy2aA2Za2L4td7EfdgNIGbhW0CiTB2IefnlbufLLh5XnuZsuxw7tLYc1vapv3xH4s0Q+I2MruU5DtTRpxv1lKywYDUB/6BzNTh0= |
| Domainkey-signature: | a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:x-enigmail-version:content-type:content-transfer-encoding; b=Q9qoi4UwB1eBH/OzxfT1y1T7XyLx+3pW2tgIkfMjPES0fxG1qqSn6uEa1E+/jp7QOYpB5vzdcXBID9RPPmASrHB15J//+KLWBm2VgqadXiZK+hsiUgSNKJlTiUDrrnprRAa6NwqpvM74Hnu7VQZRVzSjhpjyBVJfBad3tAsETNs= |
| In-reply-to: | <45DE3D34.10605@adelphia.net> |
| List-help: | <mailto:pen-test-help@securityfocus.com> |
| List-id: | <pen-test.list-id.securityfocus.com> |
| List-post: | <mailto:pen-test@securityfocus.com> |
| List-subscribe: | <mailto:pen-test-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:pen-test-unsubscribe@securityfocus.com> |
| Mailing-list: | contact pen-test-help@securityfocus.com; run by ezmlm |
| References: | <45DE3D34.10605@adelphia.net> |
| Resent-date: | Tue, 13 Mar 2007 17:28:29 -0700 (MST) |
| Resent-from: | pen-test-return-1078483751@securityfocus.com |
| Resent-message-id: | <20070314002829.BE31423AB77@outgoing3.securityfocus.com> |
| Resent-sender: | listbounce@securityfocus.com |
| Sender: | listbounce@securityfocus.com |
| User-agent: | Thunderbird 1.5.0.10 (Windows/20070221) |
> I have a win2003 server that I have been asked to test its password > policy. I am new to this and was wondering what would be the best > approach to gain access? It is in my local network and will be > segregated from the rest of the network for testing. I would be using a > remote machine to log in and not locally. What would be your suggestions? Password policy can be found in Administrative Tools/[Local | Domain] Security Policy. What do you mean by "testing password policy" ? Why do you need to gain access ? You'd better ask for an administrative account and dump the SAM file into a password cracker (like LCP). Given the default security policy of W2003 (anonymous account enumeration blocked, password length over 7 and mixed characters required), your chances to break in remotely without any additional information are near zero. Regards, - Nicolas RUFF ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------ |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: What protocol to choose for a new fuzzer?, Nicolas RUFF |
|---|---|
| Next by Date: | Re: nbns spoofer, Nicolas RUFF |
| Previous by Thread: | Re: What protocol to choose for a new fuzzer?, Nicolas RUFF |
| Next by Thread: | Re: windows 2003 server, Chris Parker |
| Indexes: | [Date] [Thread] [Top] [All Lists] |