Network Security: Detailed info on priviledge escalation techniques

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Pen-Test

[Top] [All Lists]

priviledge escalation techniques

from [Dan Rogers] Network Security

[Permanent Link]

Subject:	priviledge escalation techniques
Date:	Sun, 16 Jan 2005 15:58:59 +0000

Hi List,

I have been asked to test the network security of my organisation from
an internal perspective. My boss has not been particularly specific in
his requirements (other than asking that I don't break any operational
infrastructure) so I can approach the problem from whichever way I
deem most appropriate.

I suspect the first thing I will attempt is privilege escalation
techniques from a workstation with a domain user account to see if I
can install my own software/toolset. Can anyone suggest any good
whitepapers or tools that I can use to get a head start?

I intend to follow this up by scanning/targeting critical parts of our
infrastructure - domain controllers, mail servers, routers etc.
However, I am interested to know what other people would do when given
free reign to identify internal weaknesses - so how should I approach
this? This is not an 'audit' exercise, as I will not be given access
to server/infrastructure configurations.

Any advise on this appreciated.

Dan

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
priviledge escalation techniques, Dan Rogers <= Re: priviledge escalation techniques, Chuck Herrin Re: priviledge escalation techniques, miguel . dilaj Re: priviledge escalation techniques, lists Re: priviledge escalation techniques, jnf RE: priviledge escalation techniques, John Cobb Re: priviledge escalation techniques, miguel . dilaj Re: priviledge escalation techniques, miguel . dilaj Re: priviledge escalation techniques, jnf RE: priviledge escalation techniques, Marc Maiffret Re: priviledge escalation techniques, BSK

Previous by Date:	Re: DoS/DDoS Attack, Steven
Next by Date:	RE: DoS/DDoS Attack, rzaluski
Previous by Thread:	RE: DoS/DDoS Attack, Wallisch, Philip
Next by Thread:	Re: priviledge escalation techniques, Chuck Herrin
Indexes:	[Date] [Thread] [Top] [All Lists]