Re: hacking a NT domain after the member server

From: hofmemi@ey.co.za
To: pen-test@securityfocus.com
Date: Fri, 14 Jun 2002 08:01:05 +0200


Jason,

I have found the quickest way to compromise an NT domain is to try null
or commonly used passwords, i.e. on the server you have compromised
issue the standard domain enumeration commands:

net view /domain
and then
net view /domain:domain_name

then select a few interesting looking hosts and attempt to
connect to the default shares IPC$, C$, Admin$ by using

net use * \\computer_name\c$ /user:administrator

there are usually a few administrator accounts with a blank or
easy-to-guess password. There are also many tools available to
automate this and try brute forcing, e.g. nbtbrute, nat, etc.

With regard to a command line tool for sniffing NTLM hashes your
choices are limited. I would simply use tcpdump to capture
any hashes and then you can either crack or use them in a
replay attack with a tool like smbproxy.

Of course if the machine is seldom used you could simply
install a remote control program like VNC and load up your
GUI tools ;-)

Rgds

Michael Hofmeyr
eSecurity Services
Ernst & Young - Information Systems Assurance & Advisory Services
Wanderers Office Park, 52 Corlett Drive, Illovo, 2196
South Africa

ICQ: 114086666
Tel: +27 11 772 3784
Fax: +27 11 772 4784
GSM: +27 83 256 3716
Email: hofmemi@ey.co.za
Internet: www.ey.com/southafrica

Jason <cisspstudy@yahoo.com>
To: pen-test@securityfocus.com
cc:
Subject: hacking a NT domain after the member server
2002/06/13 10:49 AM

Currently doing a penetration test and managed to compromise a development
SQL server (W2K/SQL 2000) that is a member of the domain.

I am trying to gather additional information from this host that will
allow me to compromise the domain.

There are no accounts on this host that are the same as the domain.
LSA secrets revealed nothing interesting.

Does anyone have any other ideas?

I would like to install a command line NTLM password sniffer. Does anyone
know of one?

However, people rarely use this server and I am unlikely to get any domain
passwords this way.

Any other ideas?

Any help appreciated.
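Defensive counterpart to the sweep Michael describes (one compromised host trying administrator against C$, ADMIN$ and IPC$ on several machines): an added detection example, not code from this thread. It assumes a constructed, simplified log format of one line per share connection attempt (src, dst, user, share, result) rather than real Windows event fields or IDs; host names in the sample are made up.

```python
"""Flag admin-share sweeps: one source, one account, many targets, short window.

Added example, not part of the original thread. The log format below is a
constructed simplification (one line per share connection attempt); it does
not use real Windows Security event IDs or field names.
"""
from collections import defaultdict
from datetime import datetime, timedelta

ADMIN_SHARES = {"C$", "ADMIN$", "IPC$"}

# Constructed sample: DEVSQL01 touches admin shares on four hosts within minutes,
# ADMINWS is a normal backup job, and a fifth DEVSQL01 attempt falls outside the window.
SAMPLE_LOG = """\
2002-06-13T10:49:01 src=DEVSQL01 dst=FILESRV01 user=administrator share=C$ result=FAIL
2002-06-13T10:49:03 src=DEVSQL01 dst=FILESRV02 user=administrator share=C$ result=FAIL
2002-06-13T10:49:05 src=DEVSQL01 dst=PRINT01 user=administrator share=ADMIN$ result=OK
2002-06-13T10:49:07 src=DEVSQL01 dst=WKS0042 user=administrator share=IPC$ result=FAIL
2002-06-13T10:55:00 src=ADMINWS dst=FILESRV01 user=backupsvc share=BACKUP result=OK
2002-06-13T11:30:00 src=DEVSQL01 dst=FILESRV03 user=administrator share=C$ result=FAIL
"""


def parse_line(line):
    """Turn 'ts key=value ...' into a dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec


def find_share_sweeps(log_text, min_hosts=3, window=timedelta(minutes=5)):
    """Return {(src, user): sorted target hosts} for every source that used one
    account against admin shares on at least min_hosts distinct targets within
    `window`. Successes and failures both count: a spray that finally lands is
    exactly the case worth seeing."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec["share"].upper() in ADMIN_SHARES:
            events[(rec["src"], rec["user"].lower())].append((rec["ts"], rec["dst"]))
    alerts = {}
    for key, hits in events.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):  # slide the window over each start
            hosts = {dst for ts, dst in hits[i:] if ts - start <= window}
            if len(hosts) >= min_hosts:
                alerts[key] = sorted(hosts)
                break
    return alerts


if __name__ == "__main__":
    for (src, user), hosts in find_share_sweeps(SAMPLE_LOG).items():
        print(f"possible admin-share sweep from {src} as {user}: {', '.join(hosts)}")
```

Tune min_hosts and window to the environment: management stations legitimately reach ADMIN$ on many hosts, so allow-list those sources rather than raising the threshold for everyone.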

----------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

