Penetration Testing mailing list archives
priviledge escalation techniques
From: Dan Rogers <pentestguy () gmail com>
Date: Sun, 16 Jan 2005 15:58:59 +0000
Hi List, I have been asked to test the network security of my organisation from an internal perspective. My boss has not been particularly specific in his requirements (other than asking that I don't break any operational infrastructure) so I can approach the problem from whichever way I deem most appropriate. I suspect the first thing I will attempt is privilege escalation techniques from a workstation with a domain user account to see if I can install my own software/toolset. Can anyone suggest any good whitepapers or tools that I can use to get a head start? I intend to follow this up by scanning/targeting critical parts of our infrastructure - domain controllers, mail servers, routers etc. However, I am interested to know what other people would do when given free reign to identify internal weaknesses - so how should I approach this? This is not an 'audit' exercise, as I will not be given access to server/infrastructure configurations. Any advise on this appreciated. Dan
Current thread:
- priviledge escalation techniques Dan Rogers (Jan 17)
- Re: priviledge escalation techniques Chuck Herrin (Jan 17)
- <Possible follow-ups>
- Re: priviledge escalation techniques miguel . dilaj (Jan 17)
- Re: priviledge escalation techniques lists (Jan 18)
- Re: priviledge escalation techniques jnf (Jan 18)
- RE: priviledge escalation techniques John Cobb (Jan 20)
- Re: priviledge escalation techniques miguel . dilaj (Jan 20)
- Re: priviledge escalation techniques jnf (Jan 20)
- Re: priviledge escalation techniques miguel . dilaj (Jan 20)
- RE: priviledge escalation techniques Marc Maiffret (Jan 20)
- Re: priviledge escalation techniques BSK (Jan 20)
(Thread continues...)