Originally Posted by epic1337
yeah, target a remote PC thats allowed to connect, then use it to relay the attacks.
To use SSH on my corporate network requires a SecureID token, but I suppose a hacker could just wait around until a compromised remote PC logs in.
That would get you into the network but not onto the servers or NAS's that host the files and the external IP address for the web server hosting the files would probably not be the same as the internal IP address of that given NAS or server so how would you find out what IP address or server you needed on the corporate network? It could even be that the internal IP address of the NAS or server hosting the file isn't even accessible from an external IP (i.e. on a private network).