Security Basics mailing list archives

RE: Threat vector of running a service using a domain account

From: "Ramsdell, Scott" <Scott.Ramsdell () cellnet com>
Date: Fri, 14 Sep 2007 09:01:05 -0400

Saqib,

I believe you're right.  Each time I've run cachedump for demonstration
I do not receive hashes for services logging in over the network, I only
receive hashes for interactive users.

Kind Regards,
Scott Ramsdell

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Ali, Saqib
Sent: Thursday, September 13, 2007 12:42 PM
To: Jay
Cc: smanaois3 () gmail com; security-basics () securityfocus com
Subject: Re: Threat vector of running a service using a domain account

If a server does cache these creditonals then these can be attacked

independant of the AD and its underlying security controls.


If a service uses domain credential, do those credentials get cached?
I thought only interactive logon credentials are cached.

saqib
http://security-basics.blogspot.com/

Current thread:

Re: Threat vector of running a service using a domain account, (continued)
- - Re: Threat vector of running a service using a domain account Ali, Saqib (Sep 12)
    - Re: Threat vector of running a service using a domain account gjgowey (Sep 13)
- Re: Threat vector of running a service using a domain account James Fryman (Sep 13)
- Re: Threat vector of running a service using a domain account jfvanmeter (Sep 12)
  - Re: Threat vector of running a service using a domain account Ali, Saqib (Sep 12)
- Re: RE: Threat vector of running a service using a domain account levinson_k (Sep 12)
- Re: Threat vector of running a service using a domain account jfvanmeter (Sep 12)
- Re: Re: Threat vector of running a service using a domain account levinson_k (Sep 12)
- Re: Threat vector of running a service using a domain account Jay (Sep 13)
  - Re: Threat vector of running a service using a domain account Ali, Saqib (Sep 13)
    - RE: Threat vector of running a service using a domain account Ramsdell, Scott (Sep 14)
    - RE: Threat vector of running a service using a domain account Roger A. Grimes (Sep 14)
    - RE: Threat vector of running a service using a domain account Ramsdell, Scott (Sep 14)
    - RE: Threat vector of running a service using a domain account Roger A. Grimes (Sep 18)
- RE: Threat vector of running a service using a domain account Jay (Sep 14)
  - RE: Threat vector of running a service using a domain account Ramsdell, Scott (Sep 14)
    - Re: Threat vector of running a service using a domain account Ali, Saqib (Sep 14)
    - RE: Threat vector of running a service using a domain account Roger A. Grimes (Sep 14)
  - RE: Threat vector of running a service using a domain account Roger A. Grimes (Sep 14)