Re: Local admin becomes domain admin - Dubmwabbit

From: Lohkee (Lohkee@worldnet.att.net)
Date: 12/27/02 

From: "Lohkee" <Lohkee@worldnet.att.net>
Date: Fri, 27 Dec 2002 16:11:33 GMT

"There is nothing about having local admin access that makes it easier to
get domain admin access EXCEPT installing trojans or other methods of
suckering a stupid domain admin."

Not true. If a domain admin (or someone in that group - or another group
that might have sever access such as "backup operators" or "installers",
etc) has ever logged on to the workstation - which they may well have at
some point in time if for no other reason other than to make the WS part of
the domain - then it may be trivial to extract their password via a password
cracker. This is generally not possible for a normal user, but once given
local admin that user would now have access to the backup SAM and the system
registry. Even if the captured password had expired, the attacker is given
a great deal of information regarding the possibilities for the current
password. Let us not forget the numerous additional possibilities for
capturing domain admin that may present themselves to anyone with local
admin, i.e., the ability to boot from another operating system, installing
packet sniffers, etc. That you are unaware of these issues suggests perhaps
that your level of security is not quite what you believe it to be. Oh, and
by the way, go back and read your first statement regarding this thread.

Lohkee!

"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:uvW4sHPrCHA.2556@TK2MSFTNGP10...
> You still haven't said anything on how to get domain admin with PC's local
> admin ID. This thread was specifically about someone having local admin of
a
> workstation and gaining domain admin level access because of having the
> local admin access. There is nothing about having local admin access that
> makes it easier to get domain admin access EXCEPT installing trojans or
> other methods of suckering a stupid domain admin. I am not saying that
there
> aren't holes in the OS, I am saying that being a local admin doesn't
expose
> anything additional. I.E. If some site wants to give their local users
local
> admin access on their PC's they aren't opening up domain admin level
access
> to the users. Only the local PC's.
>
> --
> Joe Richards
> www.joeware.net
> ---
>
> "Lohkee" <Lohkee@worldnet.att.net> wrote in message
> news:EkyO9.79219$hK4.6488976@bgtnsc05-news.ops.worldnet.att.net...
> >
> > "Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
> > news:Op61X9CrCHA.1636@TK2MSFTNGP12...
> >
> > Have it your way. You might not like the answer but it has proven
itself
> > extremely effective time after time after time. For what it is worth,
the
> > "schmoe" does not even have to have local admin if he really knows his
> > stuff. If you want to limit the conversation to OS inadequacies, you
may
> > want to explore the numerous holes that are routinely reported - about
> three
> > just this week I believe - (buffer overflows, etc) on forums such as
> bugtraq
> > which can be used to accomplish the same task (although why someone with
> > local admin would go to all that trouble when loading a simple driver
will
> > accomplish the same goal with much less effort is beyond me). I might
add
> it
> > is people like you that make life so much easier for people like me.
Have
> a
> > good one.
> >
> > Lohkee!
> >
>
>

Relevant Pages

  • Re: Any chance to differ local group or domain group from windowsIdentity groups?
    ... So you want to check if a user is domain admin - not local admin? ... When a user belongs to local admin, but not domain admin group, can I ... admin group(the builtin administrators group in a domain). ...
    (microsoft.public.dotnet.security)
  • Re: Local admin becomes domain admin - Dubmwabbit
    ... You still haven't said anything on how to get domain admin with PC's local ... local admin access. ... There is nothing about having local admin access that ...
    (microsoft.public.win2000.security)
  • Re: admin rights locally
    ... Add their domain account to the local admin group. ... > is there a way to give someone local admin rights and not ... > domain admin rights. ...
    (microsoft.public.win2000.new_user)
  • Re: forgotten administrator Password
    ... can any one help me to recover the lost ... Local admin or domain admin? ... it uses unix to reset local admin. ...
    (microsoft.public.win2000.security)
  • Re: local admin account password
    ... What I think would be a better scheme is to set a very complex* random ... This eliminates the vulnerability created by weak admin passwords ... Do you think if someone wanted to break the local admin account they ...
    (Focus-Microsoft)