Re: There is something to do with metasploit when you own a machine not member of domain?

[Konrads Smelkovs <konrads () smelkovs com>]

Brute force passwords and hope something works.

2010/6/5, Richard Miles <richard.k.miles () googlemail com>:
> Hello
>
> I have a question that I believe may be interesting, suppose you have
> a network with two domains (A and B), you want to compromise the
> machines on the domain B, but you only found vulnerabilities in domain
> A. You compromised one machine member of domain A and meterpreter is
> running with SYSTEM privilege, when you hashdump there is not hashes
> from other domains, the local administrator account is different
> between domain A and B. Machines on domain B appear to be all well
> patched. However, sometimes you see machines of one administrator to
> log over SMB or RDP on the machine A that you compromised, however he
> uses a domain A credential, since all the other credentials are
> different. My question is, there is anything that can be done? Any
> kind of impersonate attack, etc where the compromised machine on
> domain A could allow me to access the machine on domain B?
>
> I don't think there is a way, but I want to ask since during the last
> days I seen very cool features at meterpreter.
>
> Thanks
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework

-- 
Nosūtīts no manas mobilās ierīces

--
Konrads Smelkovs
Applied IT sorcery.
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework