Search icon
Arrow left icon
All Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletters
Free Learning
Arrow right icon
Pentesting Active Directory and Windows-based Infrastructure

You're reading from  Pentesting Active Directory and Windows-based Infrastructure

Product type Book
Published in Nov 2023
Publisher Packt
ISBN-13 9781804611364
Pages 360 pages
Edition 1st Edition
Languages
Concepts
Author (1):
Denis Isakov Denis Isakov
Profile icon Denis Isakov

Table of Contents (13) Chapters

Preface 1. Chapter 1: Getting the Lab Ready and Attacking Exchange Server 2. Chapter 2: Defense Evasion 3. Chapter 3: Domain Reconnaissance and Discovery 4. Chapter 4: Credential Access in Domain 5. Chapter 5: Lateral Movement in Domain and Across Forests 6. Chapter 6: Domain Privilege Escalation 7. Chapter 7: Persistence on Domain Level 8. Chapter 8: Abusing Active Directory Certificate Services 9. Chapter 9: Compromising Microsoft SQL Server 10. Chapter 10: Taking Over WSUS and SCCM 11. Index 12. Other Books You May Enjoy

Reconnaissance

In this section, we will discuss reconnaissance, as well as enumeration. We will briefly cover how to identify SCCM only with network access and then dive deeper into the assume breach scenario.

To identify SCCM infrastructure from a non-domain-joined machine, the attacker may perform a simple port scan looking for TCP ports 8530 and 8531 (Software Update point), 10123 (Management point), and 4022 and 1433 (SQL Server). Also, the UDP port 4011 might be an indicator of the Preboot Execution Environment (PXE) boot media being offered. SCCM can be deployed with or without a PXE offering called Operating System Deployment (OSD). We do not have PXE deployed in our lab, but there are some promising vectors to consider.

To check whether PXE is available in the environment, there is a tool called PXEThief[11]. This tool sends a DHCP discover request to search for PXE servers and fetch PXE boot files. If PXE media is encrypted, then the attacker needs to guess or crack...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $15.99/month. Cancel anytime}