UnderGround Forums
 

ITGround >> pen-testing help for a bootcamp class


7/13/12 12:43 AM
Buddhadev
Member Since: 1/1/01
Posts: 4143
 
The DoD has sent me to a three week IT bootcamp and one of the challenges our instructors have posed is cracking a (Windows) file server they have and typing your name into a notepad file on it.

I know VERY little about networking (I've been a DBA/data analyst/and PM in my last few job roles) so I've mostly been trying baby stuff.

For the class, we're given "student" domain accounts that are regular users on their Windows 7 machines. We don't have any rights on the domain or any sort of elevated/admin on our machines.

I tried some obvious stuff like \\(IP address)\C$ to see if that gives me anything, but nada. A quick and dirty command line ping sweep script only showed three machines on the same subnet as their file server.

Tried to see if the FS would take connections from remote desktop or FTP, but neither got a response. About all I can do is ping it.

Any ideas? Thanks! :-)
7/13/12 12:44 AM
Buddhadev
Member Since: 1/1/01
Posts: 4144
BTW, if possible, I'd prefer to avoid downloading any "script kiddy" stuff to get this done. I don't want to run the risk of actually wrecking their network. Thanks!
7/14/12 7:33 AM
OnCall
Member Since: 3/15/06
Posts: 1654
Can you use Metasploit?
7/14/12 1:47 PM
Buddhadev
Member Since: 1/1/01
Posts: 4146
OnCall - Can you use Metasploit?


Can that run on Windows without being on an admin account? If it can't, it doesn't help me much.

I can't download it here at the lab, but I can try to bring it in on a removable device.
7/14/12 2:00 PM
OnCall
Member Since: 3/15/06
Posts: 1655
At least run nmap against it and see what is listening on the box.
7/17/12 11:45 PM
Buddhadev
Member Since: 1/1/01
Posts: 4147
^^^DL'ing both of those tools. I'll see if it lets me install them. Thanks for your input! :-)
7/20/12 12:53 PM
Synado
Member Since: 1/22/05
Posts: 7595
OnCall - At least run nmap against it and see what is listening on the box.


^^^^^
7/20/12 4:42 PM
Synado
Edited: 07/20/12 4:42 PM
Member Since: 1/22/05
Posts: 7597
What shows up when you open the network icon?
7/24/12 12:18 AM
Buddhadev
Member Since: 1/1/01
Posts: 4148
^^^On my WS in class? Pretty much all the other WS's the other students are using.
7/24/12 12:19 AM
Buddhadev
Member Since: 1/1/01
Posts: 4149
^^^As does that FS.

Also they put out today that we're not supposed to use apps/installs to do this. :-(
8/1/12 1:37 AM
poober
Member Since: 3/11/07
Posts: 2049
Does your local computer have a CD/DVD drive? If so, boot from Knoppix or any other bootable disk and you're set. At least reset the local admin password. If you're lucky there will be a server profile on the computer and you can recover the password. It's not an install or Windows app, so maybe that will fly.

Can you use your own apps? Like writing your own scripts? If not, what a dumb ass assignment.
8/4/12 4:41 AM
Buddhadev
Member Since: 1/1/01
Posts: 4154
^^^Thanks guys. Just actually got home from the course, so never got a chance to try the last couple ideas for tackling this bonus assignment. :-(

Great ideas from everyone! Wouldn't want to get on you guys' bad sides!
