hacking a NT domain after the member server

From: Jason (cisspstudy@yahoo.com)
Date: 06/13/02


Date: 13 Jun 2002 08:49:09 -0000
From: Jason <cisspstudy@yahoo.com>
To: pen-test@securityfocus.com


Currently doing a penetration test and managed to compromise a development
SQL server (W2K/SQL 2000) that is a member of the domain.

I am trying to gather additional information from this host that will
allow me to compromise the domain.

There are no accounts on this host that are the same as the domain.
LSA secrets revealed nothing interesting.

Does anyone have any other ideas?

I would like to install a command line NTLM password sniffer. Does anyone
know of one?

However, people rarely use this server and I am unlikely to get any domain
passwords this way.

Any other ideas?

Any help appreciated.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


