Penetration Testing

[Oz]

Hi all,
Just saw a penetration demonstration by Jesper Johannsen (Microsoft), where he penetrates a corporate domain controller (and therefor the HR database ) through a dodgy authentication routine on a web server with a SQL back end. About 8 or 9 machines to get there, but it blew my mind. The web server had port 80 open and port 443 echoing, but nothing running. He managed to forward TS through the 443 port ad get full GUI access to the lot!!!

It's made me very, very paranoid about network security in general.

For all those who work in IT, if you ever get the opportunity to see him in action, jump on it.

[Neutrino]

Quote:

Originally Posted by Oz

Hi all,
Just saw a penetration demonstration by Jesper Johannsen (Microsoft), where he penetrates a corporate domain controller (and therefor the HR database ) through a dodgy authentication routine on a web server with a SQL back end. About 8 or 9 machines to get there, but it blew my mind. The web server had port 80 open and port 443 echoing, but nothing running. He managed to forward TS through the 443 port ad get full GUI access to the lot!!!

It's made me very, very paranoid about network security in general.

For all those who work in IT, if you ever get the opportunity to see him in action, jump on it.

sounds like fun. Btw what server sofware was the domain controller using and what security measures were in place?

[Oz]

Server 2003, firewall blocking inbound connections, 2 ports open. From there he used a range of different exploits, from password hashes and modifying HTML header packets to exploiting trust relationships on the internal LAN and sloppy password management.