Penetration Testing mailing list archives

Re: Linux Targets in a Windows Domain


From: Ian Hayes <cthulhucalling () gmail com>
Date: Sat, 17 Sep 2011 01:04:50 -0700

On Tue, Sep 13, 2011 at 12:45 PM, Doyle, Jason (10090)
<jason.doyle () protiviti com> wrote:

> When performing an internal penetration test of a windows domain with
> an objective of acquiring domain administrator credentials and/or
> credit card information, what is considered useful information on a
> Linux system?  I'm in the situation where the only vulnerability I can
> find and exploit is on a Linux web server.  Of course, I can attempt
> to crack all the local password hashes, and try to use those
> credentials on other systems.  I'm just curious if others have found
> other types of information / methods that have brought them closer to
> compromising windows systems and / or the windows domain.  At this
> time I don't know what other services are hosted on the Linux system.

There are a couple of things that come to mind... first would be
password re-use. Second, if you've compromised a web server and it's
internal, you could leverage that with a little iframe fun and
browser-autopwn in Metasploit. Have you rummaged through the
filesystem, especially the user home directories and /etc config
files? Are there any other services running on the Linux box?
