priviledge escalation techniques

• Previous message: Steven: "Re: DoS/DDoS Attack"
• Next in thread: Chuck Herrin: "Re: priviledge escalation techniques"
• Reply: Chuck Herrin: "Re: priviledge escalation techniques"
• Maybe reply: miguel.dilaj_at_pharma.novartis.com: "Re: priviledge escalation techniques"
• Maybe reply: Marc Maiffret: "RE: priviledge escalation techniques"
• Maybe reply: miguel.dilaj_at_pharma.novartis.com: "Re: priviledge escalation techniques"
• Maybe reply: miguel.dilaj_at_pharma.novartis.com: "Re: priviledge escalation techniques"
• Maybe reply: BSK: "Re: priviledge escalation techniques"
• Maybe reply: Dave Wells: "RE: priviledge escalation techniques"
• Maybe reply: BSK: "Re: priviledge escalation techniques"
• Maybe reply: Michael Howard: "RE: priviledge escalation techniques"
• Maybe reply: Roy Stapleton: "RE: priviledge escalation techniques"
• Maybe reply: Roy Stapleton: "RE: priviledge escalation techniques"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 16 Jan 2005 15:58:59 +0000
To: pen-test@securityfocus.com

Hi List,

I have been asked to test the network security of my organisation from
an internal perspective. My boss has not been particularly specific in
his requirements (other than asking that I don't break any operational
infrastructure) so I can approach the problem from whichever way I
deem most appropriate.

I suspect the first thing I will attempt is privilege escalation
techniques from a workstation with a domain user account to see if I
can install my own software/toolset. Can anyone suggest any good
whitepapers or tools that I can use to get a head start?

I intend to follow this up by scanning/targeting critical parts of our
infrastructure - domain controllers, mail servers, routers etc.
However, I am interested to know what other people would do when given
free reign to identify internal weaknesses - so how should I approach
this? This is not an 'audit' exercise, as I will not be given access
to server/infrastructure configurations.

Any advise on this appreciated.

Dan

• Previous message: Steven: "Re: DoS/DDoS Attack"
• Next in thread: Chuck Herrin: "Re: priviledge escalation techniques"
• Reply: Chuck Herrin: "Re: priviledge escalation techniques"
• Maybe reply: miguel.dilaj_at_pharma.novartis.com: "Re: priviledge escalation techniques"
• Maybe reply: Marc Maiffret: "RE: priviledge escalation techniques"
• Maybe reply: miguel.dilaj_at_pharma.novartis.com: "Re: priviledge escalation techniques"
• Maybe reply: miguel.dilaj_at_pharma.novartis.com: "Re: priviledge escalation techniques"
• Maybe reply: BSK: "Re: priviledge escalation techniques"
• Maybe reply: Dave Wells: "RE: priviledge escalation techniques"
• Maybe reply: BSK: "Re: priviledge escalation techniques"
• Maybe reply: Michael Howard: "RE: priviledge escalation techniques"
• Maybe reply: Roy Stapleton: "RE: priviledge escalation techniques"
• Maybe reply: Roy Stapleton: "RE: priviledge escalation techniques"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages DNSs, MXs and RBLs.... ... Since the new users will be in company A's infrastructure, ... DNS that it points out to companyA.com, then it will go ask a DNS who is ... because I think that company A's mail servers risk of being "black listed" ... (Security-Basics) Re: DNSs, MXs and RBLs.... ... Since the new users will be in company A's infrastructure, ... DNS that it points out to companyA.com, then it will go ask a DNS who is ... Whoever controls the DNS zone file for newco.com will control the IP ... because I think that company A's mail servers risk of being "black listed" ... (Security-Basics)