Problem solve Get help with specific problems with your technologies, process and projects.

Hacking Windows server processes and services

The multitude of processes and services on your servers are ripe for exploitation. This step-by-step guide from vulnerability testing expert Kevin Beaver provides specific steps for testing the security of your Windows servers' configurations.

In a recent tip, I outlined the higher-level steps associated with domain controller penetration testing: 1) reconnaissance, 2) enumeration, 3) vulnerability discovery, and 4) vulnerability exploitation. Now that you know the methodology, I'll show you more in-depth into the vulnerability discovery and exploitation phases and how you can test specific Windows processes and services.

Let's take a look at some vulnerable Windows processes and services that can be exploited by an unauthorized user. Keep in mind that these aren't necessarily tied to just Windows domain controllers -- these hacks can easily be run against most Windows server configurations regardless of their roles.

Hacking server processes and services

 Home: Introduction
 Step 1:  Home in on your target
 Step 2:  Use good information and good tools to get rolling
 Step 3:  Drive your point home

Kevin Beaver is an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has written six books including Hacking For Dummies (Wiley), Hacking Wireless Networks For Dummies, and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at
Copyright 2005 TechTarget

Dig Deeper on Windows Server management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.