Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Deeper Penetration
From: Riot <riot () SPINE CX>
Date: Wed, 15 Nov 2000 22:24:54 -0400

Clem Colman wrote:


Most likely things to fall victim would probably be things like the backup
service (whatever they might be running) or some kind of agent monitoring
software (Tivolli etc.)  People have a nasty habit of making these Domain
Admins.

It's hard for something like Tivoli, or a reporting or monitoring tool that is
installed on the domain and running agents, not to be installed as a privileged

account.  Is that not right?  I know that some reporting software that I was
working with pretty much required that level of access.  I guess that you have
to watch to make sure that doesn't end up on a machine that has a higher
likelihood of compromise like a web server, because it can provide an
easier backdoor into the network.

And then there is the ever present backup service .. that's one to watch
out for, for sure ...

For someone breaking into something, those services that are running as
accounts other than LocalSystem or local accounts, can be a great thing
to find!

Cheers,
Riot


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]