priviledge escalation techniques

From: Dan Rogers (pentestguy@gmail.com)
Date: Sun Jan 16 2005 - 10:58:59 EST

• Next message: rzaluski: "RE: DoS/DDoS Attack"
• Previous message: Steven: "Re: DoS/DDoS Attack"
• Next in thread: Chuck Herrin: "Re: priviledge escalation techniques"
• Reply: Chuck Herrin: "Re: priviledge escalation techniques"
• Maybe reply: miguel.dilaj@pharma.novartis.com: "Re: priviledge escalation techniques"
• Maybe reply: Marc Maiffret: "RE: priviledge escalation techniques"
• Maybe reply: miguel.dilaj@pharma.novartis.com: "Re: priviledge escalation techniques"
• Maybe reply: miguel.dilaj@pharma.novartis.com: "Re: priviledge escalation techniques"
• Maybe reply: BSK: "Re: priviledge escalation techniques"
• Maybe reply: Dave Wells: "RE: priviledge escalation techniques"
• Maybe reply: BSK: "Re: priviledge escalation techniques"
• Maybe reply: Michael Howard: "RE: priviledge escalation techniques"
• Maybe reply: Roy Stapleton: "RE: priviledge escalation techniques"
• Maybe reply: Roy Stapleton: "RE: priviledge escalation techniques"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi List,

I have been asked to test the network security of my organisation from
an internal perspective. My boss has not been particularly specific in
his requirements (other than asking that I don't break any operational
infrastructure) so I can approach the problem from whichever way I
deem most appropriate.

I suspect the first thing I will attempt is privilege escalation
techniques from a workstation with a domain user account to see if I
can install my own software/toolset. Can anyone suggest any good
whitepapers or tools that I can use to get a head start?

I intend to follow this up by scanning/targeting critical parts of our
infrastructure - domain controllers, mail servers, routers etc.
However, I am interested to know what other people would do when given
free reign to identify internal weaknesses - so how should I approach
this? This is not an 'audit' exercise, as I will not be given access
to server/infrastructure configurations.

Any advise on this appreciated.

Dan

• Next message: rzaluski: "RE: DoS/DDoS Attack"
• Previous message: Steven: "Re: DoS/DDoS Attack"
• Next in thread: Chuck Herrin: "Re: priviledge escalation techniques"
• Reply: Chuck Herrin: "Re: priviledge escalation techniques"
• Maybe reply: miguel.dilaj@pharma.novartis.com: "Re: priviledge escalation techniques"
• Maybe reply: Marc Maiffret: "RE: priviledge escalation techniques"
• Maybe reply: miguel.dilaj@pharma.novartis.com: "Re: priviledge escalation techniques"
• Maybe reply: miguel.dilaj@pharma.novartis.com: "Re: priviledge escalation techniques"
• Maybe reply: BSK: "Re: priviledge escalation techniques"
• Maybe reply: Dave Wells: "RE: priviledge escalation techniques"
• Maybe reply: BSK: "Re: priviledge escalation techniques"
• Maybe reply: Michael Howard: "RE: priviledge escalation techniques"
• Maybe reply: Roy Stapleton: "RE: priviledge escalation techniques"
• Maybe reply: Roy Stapleton: "RE: priviledge escalation techniques"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:14 EDT