SuRGeoN
Pen-Test Paper: How An Internal Network Becomes External

1. Information gathering for the external network
2. Seeking for vulnerabilities & misconfigurations
3. Using flaws to get a shell
4. Information gathering for the internal network
5. Escalating privileges for the internal network
6. Converting internal network to external

antivirus
Problem whenever I'm trying to download your PDF file. It says I have not enough privilege to download this file. What's wrong?
mango1122
Read the rules
David
Trial members can't dl files, even I read that
mango1122
Hint: That doc is avail on srgn's website.
expaethitec
A very helpful tutorial indeed. However, I would like to suggest that the "???.???.???.???" for the MS SQL Server and the later ones should be replaced by "no Real IP" comments in the "Information gathering for internal network" part.

Interesting note for the beginners about the DOMAIN\Administrator account mentioned in the net use command:


The Domain Administrator account is able to administer all of the Windows PCs that are members of the CFS domain. When a client joins the CFS domain, the Domain Administrator is automatically added to the list of Local Administrators for that PC. The Domain Administrator account for CFS is essential for services such as the Systems Management Server used for software licence monitoring and hardware inventories.
Jim
QUOTE (expaethitec @ Dec 3 2007, 01:47 AM)
A very helpful tutorial indeed. However, I would like to suggest that the "???.???.???.???" for the MS SQL Server and the later ones should be replaced by "no Real IP" comments in the "Information gathering for internal network" part.

Interesting note for the beginners about the DOMAIN\Administrator account mentioned in the net use command:


The Domain Administrator account is able to administer all of the Windows PCs that are members of the CFS domain. When a client joins the CFS domain, the Domain Administrator is automatically added to the list of Local Administrators for that PC. The Domain Administrator account for CFS is essential for services such as the Systems Management Server used for software licence monitoring and hardware inventories.


Which is why the first thing you should do after setting up your DC is rename the Administrator account and create a disabled dummy "Administrator" account. Doesn't do much really, but it's still a good habit.
rlastinger
QUOTE (Jim @ Dec 7 2007, 01:56 AM)
QUOTE (expaethitec @ Dec 3 2007, 01:47 AM)
A very helpful tutorial indeed. However, I would like to suggest that the "???.???.???.???" for the MS SQL Server and the later ones should be replaced by "no Real IP" comments in the "Information gathering for internal network" part.

Interesting note for the beginners about the DOMAIN\Administrator account mentioned in the net use command:


The Domain Administrator account is able to administer all of the Windows PCs that are members of the CFS domain. When a client joins the CFS domain, the Domain Administrator is automatically added to the list of Local Administrators for that PC. The Domain Administrator account for CFS is essential for services such as the Systems Management Server used for software licence monitoring and hardware inventories.


Which is why the first thing you should do after setting up your DC is rename the Administrator account and create a disabled dummy "Administrator" account. Doesn't do much really, but it's still a good habit.


On that note, also change the password for that account. I've done too many pen tests lately where the admin password hasn't changed in like 5 years and they've had tons of people come and go. Root passwords too.
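
Added example, not part of the thread or the paper: a PowerShell audit of the two habits discussed above (renamed built-in Administrator with a disabled decoy, and a password that actually gets changed). The sample records, the domain SID, the function name and the 365-day threshold are constructed assumptions; the built-in account is located by its RID 500, which it keeps after a rename.

```powershell
# Constructed sample records (made-up domain SID, names and dates), shaped like
#   Get-ADUser -Filter * -Properties PasswordLastSet   (ActiveDirectory module)
$sid = 'S-1-5-21-1111111111-2222222222-3333333333'
$accounts = @(
    [pscustomobject]@{ SamAccountName = 'itops-root';    SID = "$sid-500";  Enabled = $true;  PasswordLastSet = [datetime]'2003-02-10' }
    [pscustomobject]@{ SamAccountName = 'Administrator'; SID = "$sid-1104"; Enabled = $false; PasswordLastSet = [datetime]'2007-12-07' }
    [pscustomobject]@{ SamAccountName = 'jsmith';        SID = "$sid-1105"; Enabled = $true;  PasswordLastSet = [datetime]'2007-11-20' }
)

# Hypothetical helper: reports rename/decoy status and password age of the
# built-in Administrator from a set of account records.
function Test-BuiltinAdminHygiene {
    param(
        [Parameter(Mandatory)] [object[]] $Accounts,
        [datetime] $AsOf = (Get-Date),
        [int] $MaxPasswordAgeDays = 365   # assumed threshold, not from the thread
    )

    # The built-in Administrator always has RID 500, whatever it is called now.
    $builtin = $Accounts | Where-Object { "$($_.SID)" -match '-500$' } | Select-Object -First 1
    if (-not $builtin) { throw 'No RID-500 account in the supplied records.' }

    # The decoy is an account named "Administrator" that is NOT the RID-500 one.
    $decoy = $Accounts | Where-Object {
        $_.SamAccountName -eq 'Administrator' -and "$($_.SID)" -notmatch '-500$'
    } | Select-Object -First 1

    # PasswordLastSet is empty when the password was never set or is flagged
    # for change at next logon; report that as stale so it gets looked at.
    $age = $null
    if ($builtin.PasswordLastSet) {
        $age = [int][math]::Floor(($AsOf - $builtin.PasswordLastSet).TotalDays)
    }

    [pscustomobject]@{
        BuiltinAdminName = $builtin.SamAccountName
        Renamed          = $builtin.SamAccountName -ne 'Administrator'
        DecoyPresent     = [bool]$decoy
        DecoyDisabled    = [bool]($decoy -and -not $decoy.Enabled)
        PasswordAgeDays  = $age
        PasswordStale    = ($null -eq $age) -or ($age -gt $MaxPasswordAgeDays)
    }
}

# Evaluate the constructed records as of a fixed date so the result is repeatable.
Test-BuiltinAdminHygiene -Accounts $accounts -AsOf ([datetime]'2008-01-15')
```

Against a live domain, pass the output of the `Get-ADUser` call named in the first comment instead of `$accounts`.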