SecurityFocus

Linux Targets in a Windows Domain Sep 13 2011 07:45PM
Doyle, Jason \(10090\) (jason doyle protiviti com) (2 replies)

Re: Linux Targets in a Windows Domain Sep 17 2011 09:47AM
arvind doraiswamy (arvind doraiswamy gmail com)

Re: Linux Targets in a Windows Domain Sep 17 2011 08:04AM
Ian Hayes (cthulhucalling gmail com) (1 replies)

Re: Linux Targets in a Windows Domain Sep 17 2011 08:54PM
Steve Lord (steve 44con com)

The Linux box should be capable of netbios name spoofing and cryptographic authentication attacks. Combine the two and compare hashes to recovered Linux passwords and Robert's your fathers brother.

--

This message sent from a mobile phone.

On 17 Sep 2011, at 09:04, Ian Hayes <cthulhucalling (at) gmail (dot) com [email concealed]> wrote:

> On Tue, Sep 13, 2011 at 12:45 PM, Doyle, Jason (10090)
> <jason.doyle (at) protiviti (dot) com [email concealed]> wrote:
>>
>> When performing an internal penetration test of a windows domain with an objective of acquiring domain administrator credentials and/or credit card >information, what is considered useful information on a Linux system? I'm in the situation where the only vulnerability I can find and exploit is on a >Linux web server. Of course, I can attempt to crack all the local password hashes, and try to use those credentials on other systems. I'm just >curious if others have found other types of information / methods that have brought them closer to compromising windows systems and / or the >windows domain. At this time I don't know what other services are hosted on the Linux system.
>
> There are a couple of things that come to mind... first would be
> password re-use. Second, if you've compromised a web server and it's
> internal, you could leverage that with a little iframe fun and
> browser-autopwn in Metasploit. Have you rummaged through the
> filesystem, especially the user home directories and /etc config
> files? Are there any other services running on the Linux box?
>
> ------------------------------------------------------------------------

> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

>

------------------------------------------------------------------------

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

[ reply ]