Saturday, June 25, 2011

What login screens reveal

This picture was sent to us by Flo just a couple of days ago. Thanks buddy, keep being that active! What it shows is a company's desktop background. We don't have much more information on it, but we can tell from experience that you find such screens a lot more often than you would think.
Administrators in big companies tend to use the desktop background to include detailed information on the (most likely server) systems they use. This is of course helpful if you do a lot of remote work and don't wanna accidentally reconfigure the wrong server. However, as practical as it might be for admins, it is just as practical for remote (or even local) attackers.

Some information is anonymised in this picture, but I'm sure you get that there are a lot of questions that can be answered just by looking at it. You can probably derive the server's role in the network from its hostname. The IP address info gives you more knowledge about the network - how a local user could connect, or which address space the servers reside in. You get information about which domain the server belongs to and even already get a valid administrator username! You don't have to do any OS recon anymore, do you? Just start preparing your exploits right away. And if you are not sure if a DoS attack would be viable - just have a short look at its CPU, memory, volumes and free space.

Decide for yourself if you wanna give all this information to strangers in your network, but you would probably do better by increasing the awareness of your admins.
