Results 1 to 4 of 4

Thread: Ideas for compromising Server 2003 network; already know some passwords

  1. #1
    Just burned his ISO
    Join Date
    May 2010
    Posts
    1

    Default Ideas for compromising Server 2003 network; already know some passwords

    Hi. I'm looking for some ideas from knowledgeable people.

    First, an introduction. The network I'm dealing with has these features:

    • Windows Server 2003
    • a public facing IIS-6.0 server (run by the Windows Server) with ports 80, 443, and 22 open
    • --port 80 redirects to port 443, and the only thing that I can tell is on port 443 is Microsoft Office Outlook Web Access (OWA)
    • Around 200 machines running Windows XP that connect to the 2003 server
    • all of the client machines have the same LOCAL admin password, which I have compromised
    • each domain user has access to certain shares on the server
    • --I have compromised the passwords of various users whose shares I would like to access, however I can not crack the domain admin password


    So basically my goal is to be able to regularly access the shares of certain domain users. The problem is that I cannot physically access a PC to log in without being seen (because other users are always working at neighboring PCs).

    So do you guys have any ideas?


    Perhaps I could set up some sort of remote access software on one of the XP machines using a local admin password? Though then it would have to be able to be seen through the restricted firewall...
    Perhaps something could be done using the open port 22? I don't know much about SSH.
    Perhaps OWA is vulnerble? Or IIS-6.0?



    Thanks!

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: Ideas for compromising Server 2003 network; already know some passwords

    Can you explain more about your relationship to the company that operates this network?
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #3
    Just burned his ISO
    Join Date
    Apr 2010
    Posts
    16

    Default Re: Ideas for compromising Server 2003 network; already know some passwords

    Quote Originally Posted by lupin View Post
    Can you explain more about your relationship to the company that operates this network?
    I think he's just an unpriveleged copyguy there compromising passwords through shoulder-surfing. Probably trying to make money by selling sensitive data to the company's competition...

    I hope he clears his relationship otherwise he could be banned here...

    I hope I could be first to report him...


    I don't think he'll be back again... sad...
    Last edited by phangs; 05-24-2010 at 07:19 PM.

  4. #4
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: Ideas for compromising Server 2003 network; already know some passwords

    At this point Im not expecting a reply.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

Similar Threads

  1. Advice on Secureing a Windows Server 2003 Network....
    By >Dart> in forum OLD General IT Discussion
    Replies: 16
    Last Post: 07-24-2009, 03:22 PM
  2. Windows server 2003 now what?
    By imported_dragracekid in forum OLD General IT Discussion
    Replies: 19
    Last Post: 02-09-2009, 11:36 AM
  3. Windows Server 2003 Backup
    By ibrahim52 in forum OLD General IT Discussion
    Replies: 1
    Last Post: 05-20-2008, 12:06 PM
  4. VMware Server and Windows Server 2003
    By Zo7779 in forum OLD General IT Discussion
    Replies: 3
    Last Post: 05-08-2008, 05:53 AM
  5. Replies: 17
    Last Post: 01-18-2008, 07:36 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •