I just wanted to post a thought I had from this morning. For the past 4 major security projects I had to do, it took longer than it should have. The reason? Simple, I always out think the problem at hand. In all 4 cases the solution to getting into the box or recovering the password or testing for cross site scripting, or mapping the network has been so easy that I missed it. I'm throwing everything but the kitchen sink at this MS box this morning. Intense injection attempts and other remote exploits and 20 seconds in Hydra got me administrator user access because the password was really just that weak.
It seems that I just want to apply all of the cool new techniques available and the good old password guessing, reading documents received from a client, or simple trial and error produced the access needed. There was no need for rainbow tables attacks or complex sploits to get what I neeed. I just needed to start at the basics.
Don't forget the basics! As much as we would like to think "naaw, it can't be that simple", it turns out to be just that. Don't get me wrong pwning a box with the latest greatest 0day is cool, but when your doing this for a living and just need to get it done, don't leave out the simple stuff cuz it's not 733t!
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment