Impersonating The Domain Administrator via SQL Server (via infosecmedia.org)

Original article: http://infosecmedia.org/impersonating-the-domain-administrator-via-sql-server-2/

http://penetration-testing.7safe.com
Daniel Compton, Information Security Consultant of 7Safe, demonstrates an internal infrastructure penetration test on a fully patched Windows network. Daniel demonstrates how it is possible to fully compromise the domain using a fully patched Microsoft SQL Server that has a firewall enabled. Using the SQL Server, Daniel impersonates the domain administrator account without any passwords or password hashes being known or extracted. Daniel also demonstrates the risk of wireless networks and smartphone devices, which can be used to carry out the attack.
