In a recent tip, I outlined the higher-level steps associated with domain controller penetration testing: 1) reconnaissance, 2) enumeration, 3) vulnerability discovery, and 4) vulnerability exploitation.
Requires Free Membership to View
When you register, my team of editors will also send you the latest expert resources covering pertinent IT topics such as Windows server backup and recovery, server administration, storage management, infrastructure security, virtualization, Hyper-V, Active Directory and Group Policy.
Cathleen A. Gagne, Senior Editorial Director
Now that you know the methodology, I'll show you more in-depth
into the vulnerability discovery and exploitation phases and how you can test specific Windows
processes and services.
Let's take a look at some vulnerable Windows processes and services that can be exploited by an unauthorized user. Keep in mind that these aren't necessarily tied to just Windows domain controllers -- these hacks can easily be run against most Windows server configurations regardless of their roles.
Hacking server processes and services
Home: Introduction
Step 1: Home in on your target
Step 2: Use good information and good tools to get rolling
Step 3: Drive your point home
ABOUT THE AUTHOR
Kevin Beaver is an independent information security consultant and expert witness
with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and
specializes in performing information security assessments revolving around compliance and IT
governance. Kevin has written six books including Hacking For Dummies (Wiley), Hacking Wireless
Networks For Dummies, and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach).
He can be reached at kbeaver@principlelogic.com.
Copyright 2005 TechTarget
This was first published in July 2006