Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Linux Targets in a Windows Domain
From: Steve Lord <steve () 44con com>
Date: Sat, 17 Sep 2011 21:54:36 +0100

The Linux box should be capable of netbios name spoofing and cryptographic authentication attacks. Combine the two and 
compare hashes to recovered Linux passwords and Robert's your fathers brother.

--

This message sent from a mobile phone.

On 17 Sep 2011, at 09:04, Ian Hayes <cthulhucalling () gmail com> wrote:

On Tue, Sep 13, 2011 at 12:45 PM, Doyle, Jason (10090)
<jason.doyle () protiviti com> wrote:

When performing an internal penetration test of a windows domain with an objective of acquiring domain administrator 
credentials and/or credit card >information, what is considered useful information on a Linux system?  I'm in the 
situation where the only vulnerability I can find and exploit is on a >Linux web server.  Of course, I can attempt 
to crack all the local password hashes, and try to use those credentials on other systems.  I'm just >curious if 
others have found other types of information / methods that have brought them closer to compromising windows systems 
and / or the >windows domain.  At this time I don't know what other services are hosted on the Linux system.

There are a couple of things that come to mind... first would be
password re-use. Second, if you've compromised a web server and it's
internal, you could leverage that with a little iframe fun and
browser-autopwn in Metasploit. Have you rummaged through the
filesystem, especially the user home directories and /etc config
files? Are there any other services running on the Linux box?

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]