Gain Domain Access

By wwnexc

I am doing some penetration testing and was able to log on to the webserver of the network using the local administrator password. The domain controller (Active Directory host) has a different password.

I know that the domain administrator logs on to the webserver, using his domain-admin account, every now and then per remote desktop connection from some unknown/secure workstation.

Is there a way to capture his login password from the remote desktop connection by installing something on the webserver (should be invisible).

Thanks

This conversation is currently closed to new comments.

6 total posts (Page 1 of 1)  
All Comments

by CG IT In reply to Gain Domain Access

If the domain administrator is smart, the local admin account on the web server is a totally different account name and password than on the domain network. Further, if the administrator was smart, the web server wouldn't even be on the same network as the domain network.

Capturing the local admin password for a web server probably won't yield you the domain admin account or password, that is if the administrator was smart.

The only way to capture a domain admin account is if the domain admin used that account over the internet and you happened to capture it.

by wwnexc In reply to Gain Domain Access

I know that the domain controller and web server are on the same network and domain...

by Jaqui In reply to Gain Domain Access

"Is there a way to capture his login password from the remote desktop connection by installing something on the webserver (should be invisible)."

rootkit

btw, this type of activity is illegal.
"un-authorised access to computer"

if testing for the company, then you should know how to test, before taking the contract.

by wwnexc In reply to

Perfect!!! Short and to the point...

by BFilmFan In reply to Gain Domain Access

Even if you managed to get a domain administrator's account, you would NOT be able to get the Directory Services Recovery Administrator's account.

If the administrator is really smart, he is authenticating with both Kerberos and smart cards or certificates. Having just the password isn't going to open the door.

And if he is a really smart administrator, he will see the user accounts and IP addresses in the Security Event Log that are attempting to hack the server. And with a good security plan that includes 3 bad password attempts and the account is locked till an admin unlocks, usually identifies the culprit quickly.

And just for the record, there is no such thing as an invisible keystroke logger. Anyone with enough sense to look in services will quickly identify it.

If you were really interested in becoming a specialist in Active Directory security, I'd recommend taking a class in preparation for the Ethical Hacking and Countermeasures (312-50) v3 exam, which will be released in March 2005.
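
The log review BFilmFan describes above (accounts and source IP addresses in the Security Event Log, lockout after 3 bad password attempts), sketched as an added example that is not part of the original thread. It assumes a simplified, constructed export format of `time,event_id,account,source_ip`, the event IDs 4625 (failed logon) and 4740 (account locked out) used by current Windows versions, and a 30-minute window; the function names are hypothetical.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON = 4625             # failed logon event ID
LOCKOUT = 4740                  # account locked out event ID
THRESHOLD = 3                   # the "3 bad password attempts" policy from the post
WINDOW = timedelta(minutes=30)  # assumed observation window

# Constructed sample records: time,event_id,account,source_ip
SAMPLE = """\
2024-01-10T09:00:01,4625,da_admin,192.0.2.15
2024-01-10T09:00:09,4625,da_admin,192.0.2.15
2024-01-10T09:00:20,4625,da_admin,192.0.2.15
2024-01-10T09:00:21,4740,da_admin,192.0.2.15
2024-01-10T09:05:00,4625,jsmith,192.0.2.40
2024-01-10T10:30:00,4625,jsmith,192.0.2.40
2024-01-10T11:45:00,4625,jsmith,192.0.2.40
"""

def parse(text):
    """Yield (timestamp, event_id, account, source_ip) for each non-empty line."""
    for line in text.splitlines():
        if line.strip():
            ts, event_id, account, ip = line.strip().split(",")
            yield datetime.fromisoformat(ts), int(event_id), account, ip

def suspicious_sources(text, threshold=THRESHOLD, window=WINDOW):
    """Return {(account, ip): n} where n failures inside one window reach the threshold."""
    failures = defaultdict(list)
    for ts, event_id, account, ip in parse(text):
        if event_id == FAILED_LOGON:
            failures[(account, ip)].append(ts)
    hits = {}
    for key, times in failures.items():
        times.sort()
        best = start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # slide window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            hits[key] = best
    return hits

def locked_accounts(text):
    """Return the sorted list of accounts that have a lockout event."""
    return sorted({acct for _, eid, acct, _ in parse(text) if eid == LOCKOUT})

if __name__ == "__main__":
    print(suspicious_sources(SAMPLE), locked_accounts(SAMPLE))
```

The three `jsmith` failures are spread over hours, so they stay below the threshold within any single window, while the burst against `da_admin` is reported together with its source address.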

by wwnexc In reply to Gain Domain Access

This question was closed by the author
