Wednesday, January 19, 2011

[net-security] all need Authentication most need Domain Controllers 'n hackers love it

Background:
Domain Controllers are the devices responsible for maintaining data about all corporate user accounts, software resources and user ACLs, so a specific vulnerability assessment was required for them. We were supposed to assess the Domain Controllers with a more intense vulnerability scan cycle.

Execution Method:
Similar to the previous task, we first scanned using NMap, and then launched NeXpose scans on the domain servers one by one.
The scan results showed that all the machines ran exploitable services, and we tried testing those using Metasploit and tools specific to the identified vulnerability.
Here, we especially checked for User Account Enumeration and found most of the Domain Controllers to be vulnerable to CIFS vulnerabilities, resulting in enumeration of all User Accounts with their details.

Tools/Technology Used:
NMap, Rapid7's NeXpose, Metasploit, SNMP Fuzzer, SNScan, Hunt, SuperScan, User2SID, SID2User

NMap: http://nmap.org/, http://nmap.org/book/man.html
Rapid7's NeXpose: http://www.rapid7.com/products/nexpose-community-edition.jsp
Metasploit: http://www.metasploit.com/
SNMP Fuzzer: http://www.securityfocus.com/tools/3623
SNScan: http://www.mcafee.com/us/downloads/free-tools/snscan.aspx
Hunt: http://packetstormsecurity.org/sniffers/hunt/
SuperScan: http://www.mcafee.com/us/downloads/free-tools/superscan3.aspx
User2SID & SID2User: http://www.securityfocus.com/tools/544
