Soldato
- Joined
- 30 Sep 2005
- Posts
- 16,825
Well....I wouldn't call it hacking.
Today I was called in to check another companies network. The first thing I usually do is see if I can very easily hack their network. Although I'd hardly call it hacking, it tells me quite a few things straight off the bat.
The steps I use are as follows:
1. Write a very simple piece of code, along the lines of
Create LDAP connection, search for user objects, capture pieces of information into variables, loop. Secondly, take one account and write back a small piece of information. This is good because you'd be surprised how often you can access all this without any credentials.
2. Compile and save as an exe
3. Copy to onedrive, dropbox, google drive
4. Login as a standard user and see if a) you can access those sites b) if you can download exe or zips c) if the exe runs d) if the code works
Well today it did
If someone really wanted to cause damage, they could reset everyones password.
What tends to confuse a lot of IT engineers is that although Microsoft states "access to changing user accounts requires at minimum the account operators permission" that is not always true. The account I used was only a member of domain users. Historical misuse of delegation is what catches most people out....or testing things out and forgetting about them.
Just wondering how often you all try and find problems with your own networks.
Today I was called in to check another companies network. The first thing I usually do is see if I can very easily hack their network. Although I'd hardly call it hacking, it tells me quite a few things straight off the bat.
The steps I use are as follows:
1. Write a very simple piece of code, along the lines of
Create LDAP connection, search for user objects, capture pieces of information into variables, loop. Secondly, take one account and write back a small piece of information. This is good because you'd be surprised how often you can access all this without any credentials.
2. Compile and save as an exe
3. Copy to onedrive, dropbox, google drive
4. Login as a standard user and see if a) you can access those sites b) if you can download exe or zips c) if the exe runs d) if the code works
Well today it did
If someone really wanted to cause damage, they could reset everyones password.What tends to confuse a lot of IT engineers is that although Microsoft states "access to changing user accounts requires at minimum the account operators permission" that is not always true. The account I used was only a member of domain users. Historical misuse of delegation is what catches most people out....or testing things out and forgetting about them.
Just wondering how often you all try and find problems with your own networks.
Last edited:
