Step-by-Step Guide

Hacking Windows server processes and services

In a recent tip, I outlined the higher-level steps associated with domain controller penetration testing: 1) reconnaissance, 2) enumeration, 3) vulnerability discovery, and 4) vulnerability exploitation.

    Requires Free Membership to View

Now that you know the methodology, I'll show you more in-depth into the vulnerability discovery and exploitation phases and how you can test specific Windows processes and services.

Let's take a look at some vulnerable Windows processes and services that can be exploited by an unauthorized user. Keep in mind that these aren't necessarily tied to just Windows domain controllers -- these hacks can easily be run against most Windows server configurations regardless of their roles.


Hacking server processes and services

 Home: Introduction
 Step 1:  Home in on your target
 Step 2:  Use good information and good tools to get rolling
 Step 3:  Drive your point home

ABOUT THE AUTHOR
Kevin Beaver is an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has written six books including Hacking For Dummies (Wiley), Hacking Wireless Networks For Dummies, and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver@principlelogic.com.
Copyright 2005 TechTarget

This was first published in July 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: