Penetration Testing mailing list archives
Re: [PEN-TEST] Deeper Penetration
From: "J. Oquendo" <intrusion () ENGINEER COM>
Date: Thu, 16 Nov 2000 09:16:26 -0500
It's hard for something like Tivoli, or a reporting or monitoring tool that is installed on the domain and running agents, not to be installed as a privileged
Thats what groups are for and hopefully people don't forget that. Its also a good thing to run little neat toys like sudo aliong with expect scripts an networks which needs access levels at a higher norm than typical "mom-and-pop" networks. sudo + ipsec + expect over tunneling is probably the best way to have something like Tivoli or any other montoring service set up in my opinion. Sure its a bit of a b#tch to set up but thats the fun part.
For someone breaking into something, those services that are running as accounts other than LocalSystem or local accounts, can be a great thing to find!
For someone configuring these services I would hope they would be more clueful when assessing security. Then again if this were so many security gurus would be poor :O sil () disgraced org sil () antioffline com ______________________________________________ FREE Personalized Email at Mail.com Sign up at http://www.mail.com/?sr=signup
Current thread:
- [PEN-TEST] Deeper Penetration thylacine (Nov 16)
- Re: [PEN-TEST] Deeper Penetration Ryan Russell (Nov 16)
- <Possible follow-ups>
- Re: [PEN-TEST] Deeper Penetration Miller Scott Contr 30CS/FTI (Nov 16)
- Re: [PEN-TEST] Deeper Penetration Clem Colman (Nov 16)
- Re: [PEN-TEST] Deeper Penetration Riot (Nov 16)
- Re: [PEN-TEST] Deeper Penetration Clem Colman (Nov 16)
- Re: [PEN-TEST] Deeper Penetration Chris St. Clair (Nov 16)
- Re: [PEN-TEST] Deeper Penetration Oliver Petruzel (Nov 16)
- Re: [PEN-TEST] Deeper Penetration Oliver Petruzel (Nov 16)
- Re: [PEN-TEST] Deeper Penetration J. Oquendo (Nov 17)
- Re: [PEN-TEST] Deeper Penetration Beauregard, Claude Q (Nov 17)
- Re: [PEN-TEST] Deeper Penetration Clem Colman (Nov 17)