-
Capturing passwords on a big LAN!
Hi guys, I booted BT3 onto one of our workstations today as we are trying to assess the risks of someone else doing it, to find out what they would be able to do. We have a large switched network with a Win2003 domain.
Once booted up I got allocated my usual static IP from the server and was able to access our local intranet page, proving I had IP connectivity to the network. I port scanned using nmap and got a whole load of results back from various servers as expected.
My question is, as an attacker - would there be a way to, say, sniff the network using cain (in my VMware XP build) and catch passwords while users are authenticating to the domain, then giving me valid credentials to go further? - If not, what is an attacker likely to do at this point apart from run exploits? I think someone would be more likely to try to access files etc. that they didn't have rights to.
Thanks - and for the record, I am the Security officer and this is totally legal.
Nico
-
Grab and crack NTLM and Domain Cached hashes from the PC you're on, and go from there...?
-
=> Is there a DC on your network?
=> Do any of your systems auth with servers via a router?
=> Does your internal web server use AD integration or any kind of user logon?
If the answer is yes to any of the above I'd start with them.
-
Thanks guys.
Which tool would I use to grab the hashes? - presumably I can access them even though I booted from a BT3 USB stick? I would then use L0phtcrack to attack them, right?
Yes BOFH139
1) we do have DCs on the domain, would it be a case of cain sniffing against the DC?
2) Servers are all internal so don't think so
3) Intranet (internal) doesn't authenticate against AD (as far as I know)
wHIZz