Penetration Testing mailing list archives
Re: [PEN-TEST] Deeper Penetration
From: Riot <riot () SPINE CX>
Date: Wed, 15 Nov 2000 22:24:54 -0400
Clem Colman wrote:
Most likely things to fall victim would probably be things like the backup service (whatever they might be running) or some kind of agent monitoring software (Tivolli etc.) People have a nasty habit of making these Domain Admins.
It's hard for something like Tivoli, or a reporting or monitoring tool that is installed on the domain and running agents, not to be installed as a privileged account. Is that not right? I know that some reporting software that I was working with pretty much required that level of access. I guess that you have to watch to make sure that doesn't end up on a machine that has a higher likelihood of compromise like a web server, because it can provide an easier backdoor into the network. And then there is the ever present backup service .. that's one to watch out for, for sure ... For someone breaking into something, those services that are running as accounts other than LocalSystem or local accounts, can be a great thing to find! Cheers, Riot
Current thread:
- [PEN-TEST] Deeper Penetration thylacine (Nov 16)
- Re: [PEN-TEST] Deeper Penetration Ryan Russell (Nov 16)
- <Possible follow-ups>
- Re: [PEN-TEST] Deeper Penetration Miller Scott Contr 30CS/FTI (Nov 16)
- Re: [PEN-TEST] Deeper Penetration Clem Colman (Nov 16)
- Re: [PEN-TEST] Deeper Penetration Riot (Nov 16)
- Re: [PEN-TEST] Deeper Penetration Clem Colman (Nov 16)
- Re: [PEN-TEST] Deeper Penetration Chris St. Clair (Nov 16)
- Re: [PEN-TEST] Deeper Penetration Oliver Petruzel (Nov 16)
- Re: [PEN-TEST] Deeper Penetration Oliver Petruzel (Nov 16)
- Re: [PEN-TEST] Deeper Penetration J. Oquendo (Nov 17)
- Re: [PEN-TEST] Deeper Penetration Beauregard, Claude Q (Nov 17)
- Re: [PEN-TEST] Deeper Penetration Clem Colman (Nov 17)