Post Explotiation Windows: From local Admin to Domain Admin

Level: This post is aimed to Pentester with high/medium technical skill.

This time, the issue is "Elevated Privilege in Windows". During a penetration test, one of thing you want is to get more privilege for moving forward in the penetration test.

Is for this, what "pentesmonkey. net" make a good collections of techniques for this aim. The premise of all the techniques is to obtain access to as many domain accounts as possible using the credentials stored on the domain member you’ve compromised.

I leave this post with an excellent set of tools for pentester!! extracted from where he has tried to rate each technique in order of how much effort it is for the pentester.

The first, very quick technique is: Duplicate Access Tokens (Incognito)

Incognito, either as a standalone tool, or via metasploit’s meterpreter will scan through all the running processes on the box and list you the delegation tokens it finds. Without doing any analysis yourself you can try creating a domain admin account with each token. If it succeeds without any effort on your part, so much the better.
If you don’t succeed in getting a domain admin account straight away, you may still be able to abuse the privileges of a normal domain user (e.g. to list domain accounts and group memberships). Perhaps try the techniques below before trying too hard…

For the rest of technique visit the following link.

0 comentarios:

Publicar un comentario