Monday, 14 November 2011

Opening PDF leads to network compromise

This nice demonstration of a penetration test is notable for a few reasons.

  1. The attack starts with a victim opening a PDF document. The same attack is shown to be possible when the victim views a QuickTime video (this is shown at the end of the demonstration video).
  2. While some passwords are cracked (very quickly), access to the Domain Controller is gained by 'passing password hashes' (pass-the-hash). This technique does not require the password to be cracked.
  3. The attack demonstrated uses a printer server as an internal launch point, which might surprise some people. In this example a new network is discovered.
  4. It uses Metasploit Framework, which is a powerful tool worth getting to grips with if you want to test systems and networks.
  5. It uses a tool called 7Seec to scan for credit card details.
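
Why point 2 works, as an added example that is not from the video or the original post: assuming the NTLMv2 challenge-response used in Windows domains, the response is keyed by the NT hash, so the server's check never involves the plaintext password and a stored hash has to be protected like the password itself. The account name, domain, hash value and the simplified 8-byte blob are constructed for illustration.

```python
import hashlib
import hmac
import os


def ntowf_v2(nt_hash: bytes, user: str, domain: str) -> bytes:
    """NTLMv2 key: HMAC-MD5 keyed by the NT hash over UPPER(user)+domain (UTF-16LE)."""
    ident = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, ident, hashlib.md5).digest()


def client_response(nt_hash: bytes, user: str, domain: str,
                    server_challenge: bytes, blob: bytes) -> bytes:
    """Client side. The only secret input is the 16-byte NT hash, not the password."""
    key = ntowf_v2(nt_hash, user, domain)
    proof = hmac.new(key, server_challenge + blob, hashlib.md5).digest()
    return proof + blob


def server_verify(stored_nt_hash: bytes, user: str, domain: str,
                  server_challenge: bytes, response: bytes) -> bool:
    """Server side. Recomputes the proof from the hash it stores for the account."""
    proof, blob = response[:16], response[16:]
    key = ntowf_v2(stored_nt_hash, user, domain)
    expected = hmac.new(key, server_challenge + blob, hashlib.md5).digest()
    return hmac.compare_digest(proof, expected)


def demo() -> bool:
    # Constructed sample values; the real blob also carries a timestamp and
    # target information, reduced here to a random client challenge.
    stored_hash = bytes.fromhex("00112233445566778899aabbccddeeff")
    challenge = os.urandom(8)   # sent by the server
    blob = os.urandom(8)        # chosen by the client
    response = client_response(stored_hash, "alice", "EXAMPLE", challenge, blob)
    return server_verify(stored_hash, "alice", "EXAMPLE", challenge, response)


if __name__ == "__main__":
    print("authenticated with hash only:", demo())
```

Because nothing in the exchange distinguishes "knows the password" from "holds the hash", password strength does not help once hashes are exposed; limiting where privileged accounts log on and restricting NTLM are the relevant controls.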