Originally Posted by AllThingsSacred
What exactly are you testing for? A simple nmap scan should show up certain vulnerabilities, particularly if you are using an older version of Microsoft IIS or an older version of Apache [which, I might add, is archaic and dangerously insecure in some cases].
I would personally be doing some of the following: a port scan for vulnerabilities, then use some tool like plink to open an SSH tunnel into your machine, perform a privilege escalation exploit and give myself full rights in the SYSTEM usergroup, i.e. have complete control of the machine.
That is assuming you are running Windows, if you are running UNIX I would look for things like the MySQL daemon, Apache [which as I have said is open source and not greatly secure], and any other open ports you may have to give myself access to the server.
This is a "Can you hack the box" test. I have Nmap and other scanning tools in house. They all fail. Besides, scanning doesn't do anything but tell you tidbits of information that you "might" be able to use, but scanning is just that... scanning. You don't breach security just by seeing what ports are open on a machine. I have used PsTools on the inside of the network, and we completely shut it down. PsTools is worthless against the box. Nmap, SuperScan, and Advanced LAN Scanner are a few I have tried thus far. Even if I'm able to retrieve stuff like what OS is running on it, that still gives nothing by way of actually hacking into the box. I need people to actually try to break into the box.
I need people to try what you just said (perform a privilege escalation exploit and gain full control over the machine)... that is, if you can. I need best foot forward here; hit it with your best shot.
It's running Windows by the way.