I am doing some penetration testing and were able to log on to the webserver of the nework using the local administrator password. The domain-controller (active directory host) has a different password.
I know that the domain administrator logs on to the webserver, using his domain-admin-account, every now and than per remote desktop connection from some unknown/secure workstation.
Is there a way to capture his login password from the remote desktop connection by installing something on the webserver (should be invisible).
Thanks
