Penetration Testing mailing list archives
Re: priviledge escalation techniques
From: Chuck Herrin <me () chuckherrin com>
Date: Mon, 17 Jan 2005 10:16:14 -0600
Hi Dan,

One of my favorite methods is to gain local admin via a Linux boot disk (like ntchpw), install a keylogger, then break something or disable a needed service and call the help desk. Since they usually can't fix anything detailed, the 2nd level tech usually comes around and logs in with an admin account to take a look. Sometimes the responding tech is Domain Admin (yay!), but in any case his are good credentials to have, and a nice place to start.

You can skip a step and just go with a hardware keylogger, but I'm wary of doing that before asking an admin to come over. Also, test your keylogger against whatever A/V software they're using before you install it there. Antivirus alerts = not subtle.

Those are the most fun assignments - Enjoy!

Chuck Herrin
www.chuckherrin.com

Quoting Dan Rogers <pentestguy () gmail com>:
Hi List,

I have been asked to test the network security of my organisation from an internal perspective. My boss has not been particularly specific in his requirements (other than asking that I don't break any operational infrastructure) so I can approach the problem from whichever way I deem most appropriate.

I suspect the first thing I will attempt is privilege escalation techniques from a workstation with a domain user account to see if I can install my own software/toolset. Can anyone suggest any good whitepapers or tools that I can use to get a head start?

I intend to follow this up by scanning/targeting critical parts of our infrastructure - domain controllers, mail servers, routers etc. However, I am interested to know what other people would do when given free rein to identify internal weaknesses - so how should I approach this? This is not an 'audit' exercise, as I will not be given access to server/infrastructure configurations.

Any advice on this appreciated.

Dan