mailing list archives
Re: There is something to do with metasploit when you own a machine not member of domain?
From: Matt Gardenghi <mtgarden () gmail com>
Date: Sun, 6 Jun 2010 13:52:32 -0400
I had access through a linux box. The next step was to find other weak
points in the organization (poorly secured switches/routers), brute forcing,
and finally scoring MS08-067 on a Windows fileserver.
The point being, your current system may not have "easy access" to the next
level, but that access exists if the networks talk. You just need to scan
across the network until you find A) a vuln, or B) a vulnerable system used
by people of both domains (your bridge).
Scan and probe until you find something that you can leverage into the next
level. If you're in, the vuln is there, you just need to find it. Where's
On Sat, Jun 5, 2010 at 3:16 PM, Richard Miles <
richard.k.miles () googlemail com> wrote:
I have a question that I believe may be interesting, suppose you have
a network with two domains (A and B), you want to compromise the
machines on the domain B, but you only found vulnerabilities in domain
A. You compromised one machine member of domain A and meterpreter is
running with SYSTEM privilege, when you hashdump there is not hashes
from other domains, the local administrator account is different
between domain A and B. Machines on domain B appear to be all well
patched. However, sometimes you see machines of one administrator to
log over SMB or RDP on the machine A that you compromised, however he
uses a domain A credential, since all the other credentials are
different. My question is, there is anything that can be done? Any
kind of impersonate attack, etc where the compromised machine on
domain A could allow me to access the machine on domain B?
I don't think there is a way, but I want to ask since during the last
days I seen very cool features at meterpreter.