Penetration Testing mailing list archives
Re: [PEN-TEST] Deeper Penetration
From: Miller Scott Contr 30CS/FTI <Scott.Miller () VANDENBERG AF MIL>
Date: Wed, 15 Nov 2000 09:06:50 -0800
I did a similar penetration test against my own company as a demonstration a while back, and once I got into the webserver I was able to crack some accounts that shared passwords with their equivalents in the domain. If that had failed, I probably would have tried setting up a NET USER command in one of the profiles and waiting for a domain admin to log on.

As for the firewalling, how about using CPSHOST.DDL (should be standard for IIS) to upload a file by HTTP?

Scott

-----Original Message-----
From: thylacine () HUSHMAIL COM [mailto:thylacine () HUSHMAIL COM]
Sent: Wednesday, November 15, 2000 5:51 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Deeper Penetration

I'm working on an NT 4.0 server that appears to have SP5, Exchange 5.5 SP3, IIS 4.0 installed. It is running FAT on the boot partition (he said while sadly shaking his head) and I have been able to copy SAM._ to the wwwroot directory, download and crack it (and delete it from wwwroot so no one stumbles across it).

I already know what is going to happen when I show up with the admin password for this server. They are going to say this is just a member server, so it's no big deal. We all know this is wrong, but I need to prove why. I need to move on to a domain controller.

None of the accounts or passwords I received from the local SAM on this server can be used to directly attack the domain. I need to establish a strong foot-hold on this server and move deeper into the domain. At this point I would like to install a keyboard capture program or perhaps VNC. Problem is, the system is firewalled and I can't get the server to download any tools.

Suggestions, anyone?

Standard Pen-Test disclaimer: This is a legal hack. :-)