Security test of sorts

Shambler

Long story short: Read an article regarding technical interviews.
The following scenario was posted.

Machine A - Signed with User A credentials. (Typical user account)
List as much information as you can about the network the machine is connected to.
Typical user/office software installed. (MS Office, Outlook, Internet Explorer etc)

Figured start simple: IPConfig /all
Tracert to the DHCP/DNS servers (Note the hops)
Find out Exchange server name within Outlook
Check Devices/Printers if there are any network printers installed, are they hosted via a print server? List print server

What else?
 
I don't really understand what the question you are asking is. But I mean you could run a simple port scanner to start finding what ports are and aren't locked down. Hopefully that helped lol.
 
You are sitting in front of a user's machine. No one is around and they left it signed in. How much information can you provide on the company network? (Using just their credentials and the usual office environment software)
 
Sounds like you're going to interview for a low level support position and they want to make sure you have some semblance of IT experience.

Hint: do some research on a typical AD environment and the commands that one might use to troubleshoot issues.

Things I might run assuming command line was available: gpresult /R, netstat -a, net view, etc. These will give you a better lay of the land than a simple ipconfig or printer list.

Also:
http://ss64.com/nt/
 
:(

This was a scenario posed in an article I recently read. And it got me thinking about just how much information can be retrieved with your average user credentials and no 3rd party utilities.

So I figured I would post my thoughts/ideas here and see what others on [H] would do.

Speaking of which: Checking local group policy and domain policy, and netstat are great ideas.
 
You're really limited to how much the command line can deliver. If you had an arsenal of tools you could inventory the entire network, gather product keys, etc. Sorry, your first post made it seem like you wanted help for an interview.
 
With the software you have listed, you can find out DNS servers, mail servers, gateways, domain name, domain controllers, domain computers, domain users. With what you have listed you can perform a DoS attack on the DNS server, mail server, broadcast address, domain controllers, and domain user accounts, all from a standard domain user account and with standard Windows programs. No 3rd party hacking tools required if the domain is not configured properly or your network isn't configured properly.
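
Seen from the defender's side, the built-in commands named in this thread (ipconfig, tracert, gpresult, netstat, net view) leave process-creation records when command-line auditing is enabled. The following Python script is an added example, not part of any post in this thread: it flags an account that runs several of those commands within a short window. The record layout, the 10-minute window, the threshold of 3 and the sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Built-in commands named in the thread; "net" counts only with the "view" subcommand.
RECON_TOOLS = {"ipconfig", "tracert", "gpresult", "netstat"}

def classify(cmdline):
    """Return the enumeration tool a command line invokes, or None."""
    parts = cmdline.strip().split()
    if not parts:
        return None
    # Drop any directory prefix and the .exe suffix, case-insensitively.
    exe = parts[0].rsplit("\\", 1)[-1].lower()
    if exe.endswith(".exe"):
        exe = exe[:-4]
    if exe in RECON_TOOLS:
        return exe
    if exe == "net" and len(parts) > 1 and parts[1].lower() == "view":
        return "net view"
    return None

def flag_recon_bursts(events, window=timedelta(minutes=10), threshold=3):
    """Flag (user, host) pairs that run >= threshold distinct tools within window."""
    per_key = defaultdict(list)
    for ts, user, host, cmdline in events:
        tool = classify(cmdline)
        if tool:
            per_key[(user, host)].append((datetime.fromisoformat(ts), tool))
    alerts = []
    for (user, host), hits in per_key.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            tools = {t for _, t in hits[start:end + 1]}
            if len(tools) >= threshold:
                # Report the first window that reaches the threshold, then stop.
                alerts.append((user, host, sorted(tools)))
                break
    return alerts

# Constructed sample records: (time, user, host, command line).
SAMPLE = [
    ("2024-05-01T12:01:00", "usera", "WS-A", "ipconfig /all"),
    ("2024-05-01T12:02:10", "usera", "WS-A", r"C:\Windows\System32\gpresult.exe /R"),
    ("2024-05-01T12:03:30", "usera", "WS-A", "netstat -a"),
    ("2024-05-01T09:00:00", "userb", "WS-B", "ipconfig /all"),
    ("2024-05-01T15:00:00", "userb", "WS-B", "netstat -a"),
    ("2024-05-01T16:30:00", "userb", "WS-B", "net use"),
]
```

Calling `flag_recon_bursts(SAMPLE)` flags only `usera`; `userb` runs the same kind of commands hours apart, which looks like ordinary troubleshooting and stays below the threshold.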
 