Once a penetration tester gains an initial entry into the target network the work is just beginning. Now you need to identify the important systems and begin the process of migrating beyond the one compromised box if there are no other directly exploitable systems on the network.. Unfortunately for many penetration testers this part of the engagement proves to be very difficult.
This presentation details the methods that will help you move from owning one box to owning all the boxes. You will learn how to go from owning one box to owning the entire Windows Domain, how to migrate from Windows into the nix environment, and how to compromise vulnerable web services and leverage this to migrate into other systems on the network. Additionally methods used to migrate from a single compromised nix system into the Windows network (and eventually take of the entire Windows Domain) is covered. This isn’t a PowerPoint presentation. Each technique described in this presentation will be demonstrated on a live (test) network.
This talk is targeted to penetration testers that understand the basic concepts of system compromise but have had difficulty taking their testing process to the next level. All of the tools utilized in the demonstrations are open source.