- The attack all starts with a victim opening a PDF document. The same attack is shown to be possible when viewing a QuickTime video (at the end of the video).
- While some passwords are cracked (very fast), access to the Domain Controller is made possible by 'passing password hashes'. This technique does not require the password to be cracked.
- The attack demonstrated uses a printer server as an internal launch point, which might surprise some people. In this example a new network is discovered.
- It uses Metasploit Framework, which is a powerful tool worth getting to grips with if you want to test systems and networks.
- It uses a tool called 7Seec to scan for credit card details.
hack (Hæk) vb. 1. to write computer programs for enjoyment. 2. to gain access to a computer illegally. ~n 3. one who works hard at boring tasks. 4. a mediocre and disdained writer. 5. an old or worn-out horse.
About Simon Edwards
▼
Monday, 14 November 2011
Opening PDF leads to network compromise
This nice demonstration of a penetration test is notable for a few reasons.
No comments:
Post a Comment