What security concerns do you look for in an enterprise environment?

Could do some light pentesting.

Some of the most common things I find in environments are Domain Controllers that allow anonymous enumeration. Lots of tools can check for this, but I use enum4linux. It does a great job and is easy.

Groups.xml files on the DCs (SYSVOL folder). These contain an encrypted "cpassword" that is the local admin password for all machines. This is pushed via Group Policy.

Tomcat / Axis2 servers with default creds for manager.

Printers that have default credentials on them. Doesn't sound like a big deal, but I can get usernames and passwords from them if they are configured for LDAP.

Weak passwords for users. I use medusa or custom tools to test a single password against all AD users.

DNS servers that allow zone transfers.

IPMI systems with default creds, or that allow bypass of authentication via the Cipher 0 flaw in old firmware. (e.g. Dell iDRAC with username root and password Calvin)

Internal websites that have default credentials for admin.

Check what ports are allowed egress and see if they need to be open. Dangerous ones are ports 139 and 445 for SMB. I can send an email to someone with hidden HTML embedded inside that makes your computer send me an SMB handshake, which I can capture and possibly crack to get your password. This is all without clicking on a link: merely opening the email and reading it.

SMTP servers that allow unauthenticated mail relay (port 25).

Default FTP and SSH passwords, and anonymous FTP.

MySQL / MSSQL / Oracle, etc. that use default credentials for login.

Cisco or other network devices with default creds.

Another thing I find about 95% of the time on Windows machines is the ability to attack via WPAD. This feature is meant to make it easier for network administrators to deploy proxy configuration settings. This feature can be abused by attackers to man-in-the-middle traffic on the local network or, in some cases, across the entire enterprise. https://www.trustedsec.com/july-2013/wpad-man-in-the-middle-clear-text-passwords/

SNMP (port 161) on devices that don't need it. Also default community strings for SNMP (public, and private, which can write to the device).

That should keep you busy for a bit.

/r/AskNetsec Thread
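Added example, not from the post above: a small Python audit for the Groups.xml / cpassword item. It walks a copy of SYSVOL (the path is an assumption) and flags every Group Policy Preference item that still carries a non-empty cpassword so the entries can be removed; it does not decrypt anything. The sample Groups.xml is constructed with a placeholder value.

```python
import os
import xml.etree.ElementTree as ET

# Group Policy Preference files that can carry a cpassword attribute.
GPP_FILES = {"Groups.xml", "Services.xml", "ScheduledTasks.xml",
             "DataSources.xml", "Printers.xml", "Drives.xml"}

def find_cpassword_entries(xml_text, source="<constructed>"):
    """One finding per element with a non-empty cpassword (sits on <Properties>)."""
    root = ET.fromstring(xml_text)
    parents = {child: parent for parent in root.iter() for child in parent}
    findings = []
    for elem in root.iter():
        if elem.get("cpassword"):       # cpassword="" means no password was set
            owner = parents.get(elem, elem)   # e.g. <User name="...">
            findings.append({
                "source": source,
                "item": owner.tag,
                "name": owner.get("name", ""),
                "account": elem.get("userName") or elem.get("accountName", ""),
            })
    return findings

def audit_sysvol(sysvol_root):
    """Walk a SYSVOL share (path is an assumption) and collect all findings."""
    findings = []
    for dirpath, _, filenames in os.walk(sysvol_root):
        for fn in filenames:
            if fn in GPP_FILES:
                path = os.path.join(dirpath, fn)
                with open(path, encoding="utf-8") as fh:
                    findings.extend(find_cpassword_entries(fh.read(), path))
    return findings

# Constructed sample: one item still carrying a cpassword, one already cleared.
SAMPLE_GROUPS_XML = """<?xml version="1.0" encoding="utf-8"?>
<Groups>
  <User name="LocalAdmin" changed="2014-03-12 10:15:08">
    <Properties action="U" userName="LocalAdmin" cpassword="PLACEHOLDER_ENCRYPTED_VALUE"/>
  </User>
  <User name="Helpdesk" changed="2014-03-12 10:16:01">
    <Properties action="U" userName="Helpdesk" cpassword=""/>
  </User>
</Groups>
"""

if __name__ == "__main__":
    for f in find_cpassword_entries(SAMPLE_GROUPS_XML):
        print(f"{f['source']}: {f['item']} '{f['name']}' sets a password for {f['account']}")
```

Point `audit_sysvol` at `\\<domain>\SYSVOL\<domain>\Policies` (or an offline copy) to check a real domain; every hit is a GPP item that should have its password removed.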