Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Linux Targets in a Windows Domain
From: Ian Hayes <cthulhucalling () gmail com>
Date: Sat, 17 Sep 2011 01:04:50 -0700

On Tue, Sep 13, 2011 at 12:45 PM, Doyle, Jason (10090)
<jason.doyle () protiviti com> wrote:

When performing an internal penetration test of a windows domain with an objective of acquiring domain administrator 
credentials and/or credit card >information, what is considered useful information on a Linux system?  I'm in the 
situation where the only vulnerability I can find and exploit is on a >Linux web server.  Of course, I can attempt to 
crack all the local password hashes, and try to use those credentials on other systems.  I'm just >curious if others 
have found other types of information / methods that have brought them closer to compromising windows systems and / 
or the >windows domain.  At this time I don't know what other services are hosted on the Linux system.

There are a couple of things that come to mind... first would be
password re-use. Second, if you've compromised a web server and it's
internal, you could leverage that with a little iframe fun and
browser-autopwn in Metasploit. Have you rummaged through the
filesystem, especially the user home directories and /etc config
files? Are there any other services running on the Linux box?

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]