Hi guys, I booted BT3 on to one of our workstations today as we are trying to assess the risks of someone else doing it, to find out what they would be able to do. We have a large switched network with Win2003 domain.

Once booted up I got allocated my usual static IP from the server and was able to access our local intranet page proving I had IP connectivitiy to the network. I port scanned using nmap and got a whole load of results back from various servers as expected.

My question is, as an attacker - would there be a way to say sniff the network using cain (in my VMware XP build) and catch passwords while users are authenticating to the domain, then giving me valid credentials to go further? - If not, what is an attacker likely to do at this point apart from run exploits? I think someone would be more likely to try to access files etc that they didn't have rights too

Thanks - and for the record, I am the Security officer and this is totally legal.

Nico