Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
stop4858100d1. Wait until someone logs in and use pass-the hash?
2. No. New versions have new bugs that dont work on older releases. Usually the CVE Database saves programs and their version to document bugs. older versions have usually bugs that allow you getting SYSTEM rights.
netikras15103100dNetworking attacks to gain access to other employees' accounts? And use them for scripts.
sbiewald2455100d2012 (at least 2012R2) is still supported, even 2008 still is - so the customer can still fix it afterwards.
Are you sure with IIS 4.5? Wikipedia lists IIS 5 for Windows 2000, and I haven't found anything about IIS 4.5.
sbiewald2455100dIf you get on one of the servers, wait for one admin to log in, or even purposely trigger a monitoring event.
As many persons login with domain admin credentials, you can now overtake the whole domain.
On the left hand side.
irene60099dKeylogger your own machine and call IT support for something that needs admin access to change. Grab their credentials from keylogger after change. Log into AD or whatever domain tool the IT person has to elevate one of the other user accounts. Use stolen user account to do admin things until you have a back door.
sbiewald245599d@enigmamachine Pass-the-hash / -ticket works even for remote logon where the password is not necessarily transmitted to the workstation.
Your Job Suck?
Take a quick quiz from Triplebyte to skip the job search hassles and jump to final interviews at hot tech firms
Get a Better Job