Uncategorized

Finding IP Addresses of Other Network Interfaces on Linux

The scenario for this post is that you’re connected to the local LAN of the systems you’re pentesting – possibly in a DMZ or multi-tiered architecture. If you’re on an externally-facing LAN, you may find that there aren’t many network services to explore. As your pentest starts to look more like a vulnerability assessment, you […]

Exposing only part of C: over Terminal Services

Ken Johnson gives a useful tip on his blog about limiting access to your local drives when you make a Terminal Services connection. This is not new, but it’s useful enough to be worth summarizing here. When I audit a system via Terminal Services, I usually map a drive to or from the system depending on […]

Post-Exploitation in Windows: From Local Admin To Domain Admin (efficiently)

There are some excellent tools and techniques available to pentesters trying to convert their local admin rights into domain admin rights. This page seeks to provide a reminder of some of the most common and useful techniques, and rates their effectiveness to suggest which ones to try first. The premise of all the […]