Simple is a relative term but yes, there are mechanisms
that could be and are termed simple.
No I don't think people shouldn't be sharing details even
offline. If someone cannot come up with a method on their own it
doesn't mean someone else who is aware of a method should supply it. It doesn't
help anything knowing how it can
be done.
You are a smart guy though Neil, I have no doubt if you sat
down and gave yourself an hour to think out the ways an attack could be
perpetrated you could work out a couple of methods that you would consider
simple.
Hopefully folks don't start dropping hints, etc as it is a
can of worms we don't generally want opened up.
joe
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, September 14, 2006 12:14 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Elevating privileges from DA to EA
It has been suggested by certain parties here that elevating one's rights from AD to EA is 'simple'.
I have suggested that whilst it's possible it is not simple at all.
Does anyone have any descriptions of methods / backdoors / workarounds etc that can be used to elevate rights in this way? Naturally, you may prefer to send this to me offline :) [EMAIL PROTECTED]
I can think of the following basic methods:
- Remove DC disks and edit offline
- Introduce key logger on admin workstation /
DC
- Inject code into lsass
As you can see, I don't want specific steps to 'hack' the DC, just basic ideas / methods.
Thanks,
neil
PLEASE READ: The
information contained in this email is confidential and
intended for the
named recipient(s) only. If you are not an intended
recipient of this
email please notify the sender immediately and delete your
copy from your
system. You must not copy, distribute or take any further
action in reliance
on it. Email is not a secure method of communication and
Nomura International
plc ('NIplc') will not, to the extent permitted by law,
accept
responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence
of any virus, worm or similar malicious or disabling
code in, this
message or any attachment(s) to it. If verification of this
email is sought then
please request a hard copy. Unless otherwise stated
this email: (1) is
not, and should not be treated or relied upon as,
investment research;
(2) contains views or opinions that are solely those of
the author and do
not necessarily represent those of NIplc; (3) is intended
for informational
purposes only and is not a recommendation, solicitation or
offer to buy or sell
securities or related financial instruments. NIplc
does not provide
investment services to private customers. Authorised and
regulated by the
Financial Services Authority. Registered in England
no. 1550505 VAT No.
447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A
member of the Nomura group of companies.