I'm working on an NT 4.0 server that appears to have SP5, Exchange 5.5 SP3,
and IIS 4.0 installed.
It is running FAT on the boot partition (he said while sadly shaking his
head) and I have been able to copy SAM._ to the wwwroot directory, download
and crack it (and delete it from wwwroot so no one stumbles across it).
I already know what is going to happen when I show up with the admin password
for this server. They are going to say this is just a member server, so
it's no big deal. We all know this is wrong, but I need to prove why. I
need to move on to a domain controller. None of the accounts or passwords
I received from the local SAM on this server can be used to directly attack
the domain. I need to establish a strong foothold on this server and move
deeper into the domain.
At this point I would like to install a keyboard capture program or perhaps
VNC. Problem is, the system is firewalled and I can't get the server to
download any tools. Suggestions, anyone?
Standard Pen-Test disclaimer: This is a legal hack. :-)
Received on Nov 16 2000