Home page logo
/

metasploit logo Metasploit mailing list archives

Re: defences from incognito
From: HD Moore <hdm () metasploit com>
Date: Sun, 09 May 2010 15:24:39 -0500

On 5/9/2010 3:20 PM, Robin Wood wrote:
Hi
I asked this on the PaulDotCom list and the only suggestion I got was
from Mubix suggesting using group policy to time out cached
credentials. Any other suggestions would be helpful....

Has anyone got any good references I can pass on to clients I've owned
through incognito? Beyond suggesting be careful who you log in as and
using least privileges what else can I suggest?

There isn't really a defense if you have system access to a machine with
a logged in administrative user. I have heard that enabling kerberos can
help in terms of session lifetime, but since you can just sniff the
user's clear-text keystrokes when they authenticate, its not a real
solution.

A fun trick us injecting into winlogon, start the keystroke monitor,
then locking the user's screen. When they authenticate to get back to
their desktop, you have the clear-text password.

-HD

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]