Penetration Testing mailing list archives
Linux Targets in a Windows Domain
From: "Doyle, Jason \(10090\)" <jason.doyle () protiviti com>
Date: Tue, 13 Sep 2011 12:45:43 -0700
When performing an internal penetration test of a windows domain with an objective of acquiring domain administrator credentials and/or credit card information, what is considered useful information on a Linux system? I'm in the situation where the only vulnerability I can find and exploit is on a Linux web server. Of course, I can attempt to crack all the local password hashes, and try to use those credentials on other systems. I'm just curious if others have found other types of information / methods that have brought them closer to compromising windows systems and / or the windows domain. At this time I don't know what other services are hosted on the Linux system. Thanks, Jason Doyle NOTICE: Protiviti is a global consulting and internal audit firm composed of experts specializing in risk and advisory services. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services. This electronic mail message is intended exclusively for the individual or entity to which it is addressed. This message, together with any attachment, may contain confidential and privileged information. Any views, opinions or conclusions expressed in this message are those of the individual sender and do not necessarily reflect the views of Protiviti Inc. or its affiliates. Any unauthorized review, use, printing, copying, retention, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email message to the sender and delete all copies of this message. Thank you. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Linux Targets in a Windows Domain Doyle, Jason (10090) (Sep 16)
- Re: Linux Targets in a Windows Domain Ian Hayes (Sep 17)
- Re: Linux Targets in a Windows Domain Steve Lord (Sep 17)
- Re: Linux Targets in a Windows Domain arvind doraiswamy (Sep 17)
- Re: Linux Targets in a Windows Domain Ian Hayes (Sep 17)