I understand your pain dean, I happen to work for a rather security paranoid (and rightfully so) organization with pages and pages of rules regarding computer use and installed programs.  All installed programs have to be OKed from my boss, her boss.. then Wash DC.  First thing I did, before I even hinted at installing anything, was to talk with my bosses boss, and with my boss and explain what programs I would like to install and their purpose.  I also explained my desire to gain the CEH and to work on security learning in general as a future focus of my career. 

After going through all the hoops, I have basically been given free reign to do as I like within proper bounds.  If I am going to do any scans I of course have to let the proper levels of boss-hood know, and get consent etc.  You just have to remember to cover your own 4ss first and foremost.  If you happen to scan something, and find a vulnerability.. you don't say a thing until you have gotten written or emailed permission to scan.  Heck, I had to get rid of Putty the other day, because a new policy regarding that specific program was implemented after a compromised machine was found using port 22 to connect out.  Not all policies make perfect sense, but remember your first priority is keeping a paycheck comming. 

It's a sad thing hearing you got canned over it, but I think it is a good reminder to the rest of us to watch out for our organization's policies as well.

I'm pretty newb myself, but if I understand you... you are refering to gaining a command shell on remote computer correct?  Or are you looking for a graphical UI view of their desktop? Or... from your question are you asking how to connect to a computer that is networked to a computer that you know the ip of, but are unsure of the target box? 

Either way, there are a ton of both proprietary, and simple methods for both.   You can ssh or telnet into them if you have user names/passwords and you just want a shell interface, which will allow you to look around the drive, execute code, etc.  If you're after something akin to a more graphical look, you can use something like PCanywhere, Dameware or even remote desktop.  Thing is with those, they generally require prior setup on the box to be connected to, or confirmation box-side by someone there.  Good tools for helpdesk techs etc.  With the SSH/Telnet you will need open ports that are generally not open.

Assuming that this is an ethical entrance, and you own or administer the boxes setting something up like this should be no problem.  If you are looking to break into the boxes, and have no permission to do so finding further answers would more likely than not require a different site.  There are a number of ways to open a shell on a remote computer through OS/app flaws, and there is a lot of documentation for how throughout this site.  I hope I answered some basics for you, and that I understood what you ment correctly.

Also, for port status discovery, OS fingerprinting, and generally great info on a target machine, Nmap is indespensible.

Kind of a 'left field' question for you guys.  But since we're on the topic of security expos and such, I was wondering if anyone else here is going to the SecureWorld Expo October 30-31st in Seattle? My job is 'hopefully' covering it, but I figured it would be a decent time to network if anyone else is going. 

I'm a tad new to this whole thing, but I've been gnawing at your forums for a while now learning.  One question I had, has anyone found an ISO distro of BackTrack that includes Nessus?  I use BackTrack a lot at work, and at home as well.. and have always found that one of the bigger limitations.  Like you all, I am interested in security testing... and it just seems odd to me that they wouldn't include such a useful tool.  Especially since... even Knoppix has it.  Any ideas in that regard?  Sorry to sidetrack the thread there don.