In a recent tip, I outlined the higher-level steps associated with domain controller penetration testing: 1) reconnaissance, 2) enumeration, 3) vulnerability discovery, and 4) vulnerability exploitation. Now that you know the methodology, I'll show you more in-depth into the vulnerability discovery and exploitation phases and how you can test specific Windows processes and services.
Let's take a look at some vulnerable Windows processes and services that can be exploited by an unauthorized user. Keep in mind that these aren't necessarily tied to just Windows domain controllers -- these hacks can easily be run against most Windows server configurations regardless of their roles.
Hacking server processes and services
Step 1: Home in on your target
Step 2: Use good information and good tools to get rolling
Step 3: Drive your point home
ABOUT THE AUTHOR
Kevin Beaver is an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has written six books including Hacking For Dummies (Wiley), Hacking Wireless Networks For Dummies, and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at email@example.com.
Copyright 2005 TechTarget