Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Linux Targets in a Windows Domain
From: arvind doraiswamy <arvind.doraiswamy () gmail com>
Date: Sat, 17 Sep 2011 15:17:17 +0530

Maybe the Linux box is joined to an AD domain? I'm reasonably sure(coz
I did this long ago) that the SMB suite of tools can be used to access
Windows resources from the Linux box.

In other words.. Maybe the Linux box is using some credentials
somewhere to join itself to the AD which you can get hold of?

Another thing that can be done is(if you get root) is to install a
sniffer(or maybe it already is installed) and sniff traffic from other
machines. Maybe they're storing files on that Linux box?

Is the code also on the same Webserver? What about the DB? Maybe a
harcoded connection string? Get access to a DB using a SQL client..and
take it from there?

Hope that helps a bit :)

Arvind

On Wed, Sep 14, 2011 at 1:15 AM, Doyle, Jason (10090)
<jason.doyle () protiviti com> wrote:
When performing an internal penetration test of a windows domain with an objective of acquiring domain administrator 
credentials and/or credit card information, what is considered useful information on a Linux system?  I'm in the 
situation where the only vulnerability I can find and exploit is on a Linux web server.  Of course, I can attempt to 
crack all the local password hashes, and try to use those credentials on other systems.  I'm just curious if others 
have found other types of information / methods that have brought them closer to compromising windows systems and / 
or the windows domain.  At this time I don't know what other services are hosted on the Linux system.

Thanks,

Jason Doyle

NOTICE: Protiviti is a global consulting and internal audit firm composed of experts specializing in risk and 
advisory services. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on 
financial statements or offer attestation services.

This electronic mail message is intended exclusively for the individual or entity to which it is addressed. This 
message, together with any attachment, may contain confidential and privileged information. Any views, opinions or 
conclusions expressed in this message are those of the individual sender and do not necessarily reflect the views of 
Protiviti Inc. or its affiliates. Any unauthorized review, use, printing, copying, retention, disclosure or 
distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender 
by reply email message to the sender and delete all copies of this message. Thank you.


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault