Thread: Capturing passwords on a big LAN!

  1. #1
    Just burned his ISO dxi5t's Avatar
    Join Date
    Feb 2010
    Posts
    15

    Capturing passwords on a big LAN!

    Hi guys, I booted BT3 on to one of our workstations today as we are trying to assess the risks of someone else doing it, to find out what they would be able to do. We have a large switched network with a Win2003 domain.

    Once booted up I got allocated my usual static IP from the server and was able to access our local intranet page, proving I had IP connectivity to the network. I port scanned using nmap and got a whole load of results back from various servers as expected.

    My question is, as an attacker - would there be a way to, say, sniff the network using cain (in my VMware XP build) and catch passwords while users are authenticating to the domain, then giving me valid credentials to go further? - If not, what is an attacker likely to do at this point apart from run exploits? I think someone would be more likely to try to access files etc. that they didn't have rights to.

    Thanks - and for the record, I am the Security officer and this is totally legal.

    Nico

  2. #2
    Just burned his ISO
    Join Date
    Nov 2007
    Posts
    9

    Grab and crack NTLM and Domain Cached hashes from the PC you're on, and go from there...?

  3. #3
    Member
    Join Date
    Aug 2007
    Posts
    468

    => Is there a DC on your network?

    => Do any of your systems auth with servers via a router?

    => Does your internal web server use AD integration or any kind of user logon?

    If the answer is yes to any of the above I'd start with them.

  4. #4
    Just burned his ISO dxi5t's Avatar
    Join Date
    Feb 2010
    Posts
    15

    Thanks guys.

    Which tool would I use to grab the hashes? - presumably I can access them even though I booted from BT3 USB stick? I would then use L0phtcrack to attack them, right?

    Yes BOFH139
    1) we do have DCs on the domain, would it be a case of cain sniffing against the DC?
    2) Servers are all internal so don't think so
    3) Intranet (internal) doesn't authenticate against AD (as far as I know)

    wHIZz

  5. #5
    Good friend of the forums williamc's Avatar
    Join Date
    Feb 2010
    Location
    Chico CA
    Posts
    285

  6. #6
    Just burned his ISO dxi5t's Avatar
    Join Date
    Feb 2010
    Posts
    15

    Quote Originally Posted by williamc View Post
    Great, thanks. Will try this and let you know how things go
