Mar 062009
 

During an audit I had to determine whether a particular remote control service was installed on the Domain workstations and servers. It was determined during the interview process that no remote control software was in use.  I decided to obtain the evidence to the contrary.  I had already compromised a Domain Administrator account so I had the appropriate permissions.
Continue reading »

Mar 062009
 

CACLS.exe is a great builtin Windows utility that allows you to list the permissions on a file or folder.  This command has been used in an audit to get the permissions of the folders on an agency file server that served the “private” shares to each Domain user.  The findings we would be looking for when examining the results are improper access to the “private” shares by other Domain users.

For CACLS options and how to interpret the results see this site.
Continue reading »

Dec 022008
 

Core Technologies hosted a series of three webcasts called Penetration Testing Ninjitsu by Ed Skoudis (http://www.coresecurity.com/content/webcast-series-with-sans).  I highly recommend listening to these web casts and downloading the slides for your reference.  I’m including the commands extracted from the slides that can be very useful for a penetration test.
Continue reading »