Penetration Testing mailing list archives

RE: Mitigate FTP


From: "Pete.LeMay" <pete.lemay () whro org>
Date: Fri, 17 Oct 2008 09:33:13 -0400

With AD-based accounts, the ftp login should be "domain\user". By only
supplying the username, IIS checks the local machine accounts.

Pete

-----Original Message-----
From: Gary E. Miller [mailto:gem () rellim com] 
Sent: Friday, October 17, 2008 1:42 AM
To: Pete.LeMay
Cc: Sarah Wahl; pen-test () securityfocus com
Subject: RE: Mitigate FTP


Yo Pete!

On Thu, 16 Oct 2008, Pete.LeMay wrote:

The other password option is to make the users' accounts Active Directory
based. I've only seen dictionary attacks against local accounts...

How does the attacker see AD passwords differently than local passwords?

All the ftp attacker sees is a username/password prompt.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97701
        gem () rellim com  Tel:+1(541)382-8588


