Re: hacking a NT domain after the member server

From: bart2k@hushmail.com
Date: Fri Jun 14 2002 - 11:04:32 EDT


Since your in the domain, I'd look to see if the SQL box has any interesting LMHOSTS defined (ie. PDC or BDC), and modify the entry or two so you get redirected auth requests to your box. All you need it for is a few minutes during the morning when everyone is signing in...sniff it up with ethreal or whatever you prefer and then change back the LMHOST settings before the tech support staff starts snooping, and help desk calls skyrocket.

Hope this helps
B@rt

On 13 Jun 2002 08:49:09 -0000, Jason <cisspstudy@yahoo.com> wrote:
>
>Currently doing a penetration test and managed to compromise a development
>SQL server (W2K/SQL 2000) that is a member of the domain.
>
>I am trying to gather additional information from this host that will
>allow me to compromise the domain.
>
>There are no accounts on this host that are the same as the domain.
>LSA secrets revealed nothing interesting.
>
>Does anyone have any other ideas?
>
>I would like to install a command line NTLM password sniffer. Does anyone
>know of one?
>
>However, people rarely use this server and I am unlikely to get any domain
>passwords this way.
>
>Any other ideas?
>
>Any help appreciated.
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
>Service. For more information on SecurityFocus' SIA service which
>automatically alerts you to the latest security vulnerabilities please see:
>https://alerts.securityfocus.com/
>
>

Communicate in total privacy.
Get your free encrypted email at https://www.hushmail.com/?l=2

Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:22 EDT