Re: [ActiveDir] Elevating privileges from DA to EA

[Al Mulnick]

Can you reword?  I'm not sure I clearly understand the question.

FWIW, going from DA to EA is a matter of adding one's id to the EA group.  DA's have that right in the root domain of the forest (DA's of the root domain have that right). Editing etc. is not necessary. Nor are key-loggers etc.
If physical access is available, there are plenty of ways to get the access you require to a domain but I suspect you're asking how can a DA from a child domain gain EA access; is that the question you're looking to answer? 

Just for curiousity, what brings up that question?

Al

On 9/14/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:

It has been suggested by certain parties here that elevating one's rights from AD to EA is 'simple'.

I have suggested that whilst it's possible it is not simple at all.

Does anyone have any descriptions of methods / backdoors / workarounds etc that can be used to elevate rights in this way? Naturally, you may prefer to send this to me offline :) [ [EMAIL PROTECTED]]

I can think of the following basic methods:
 - Remove DC disks and edit offline
 - Introduce key logger on admin workstation / DC
 - Inject code into lsass

As you can see, I don't want specific steps to 'hack' the DC, just basic ideas / methods.

Thanks,
neil

PLEASE READ: The information contained in this email is confidential and

intended for the named recipient(s) only. If you are not an intended

recipient of this email please notify the sender immediately and delete your

copy from your system. You must not copy, distribute or take any further

action in reliance on it. Email is not a secure method of communication and

Nomura International plc ('NIplc') will not, to the extent permitted by law,

accept responsibility or liability for (a) the accuracy or completeness of,

or (b) the presence of any virus, worm or similar malicious or disabling

code in, this message or any attachment(s) to it. If verification of this

email is sought then please request a hard copy. Unless otherwise stated

this email: (1) is not, and should not be treated or relied upon as,

investment research; (2) contains views or opinions that are solely those of

the author and do not necessarily represent those of NIplc; (3) is intended

for informational purposes only and is not a recommendation, solicitation or

offer to buy or sell securities or related financial instruments. NIplc

does not provide investment services to private customers. Authorised and

regulated by the Financial Services Authority. Registered in England

no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,

London, EC1A 4NP. A member of the Nomura group of companies.