rom: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-
>>> boun...@lists.grok.org.uk] On Behalf Of George Carlson
>>> Sent: Friday, December 10, 2010 10:12 AM
>>> To: bugt...@securityfocus.com; full-disclosure@lists.grok.org.uk
>>> Subject: Re
"Andrea Lee" wrote:
> I hope I'm not just feeding the troll...
No. You just made a complete fool of yourself.-P
Read the initial post again.
CAREFULLY.
Especially that part about unplugging from the network.
> A local admin is an admin on one system. The domain admin is an admin
> on all system
Microsoft Domain Account Caching Allows
Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached
Domain Admin Accounts (2010-M$-002)
?
OK, wrap up, are we talking about Domain Admins having local admin privs? Of
course they do - that's the joy of having a doma
ktop support and AD support"? (whatever that means).
>>
>> t
>>
>>>-----Original Message-
>>>From: full-disclosure-boun...@lists.grok.org.uk
>>>[mailto:full-disclosure- boun...@lists.grok.org.uk] On Behalf Of
>>>George Carlson
>>>Sent:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kurt Dillard said the following on 13/12/10 20:09:
> So far I agree with Thor. Did I miss something? Has anyone demonstrated
> using the locally cached credentials to access resources across the network?
> So far I haven't seen anything new or interest
Cc: George Carlson; bugt...@securityfocus.com;
full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching
Allows Local Workstation Admins to Temporarily Escalate Privileges and Login
as Cached Domain Admin Accounts (2010-M$-002)
I hope I'm not j
Since when do local admins become domain admins!?!?!?!?!
Domain Admins are added to the Local Admins group when a computer joins a
network. How do Local Admins on a computer become Domain Admins!?!?!!?!?
-Original Message-
From: jco...@winwholesale.com [mailto:jco...@winwholesale.com]
(whatever that means).
>
> t
>
>>-Original Message-
>>From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-
>>boun...@lists.grok.org.uk] On Behalf Of George Carlson
>>Sent: Friday, December 10, 2010 10:12 AM
>>To: bugt...@securityfocus.com;
t;>>-Original Message-----
>>>From: full-disclosure-boun...@lists.grok.org.uk
>>>[mailto:full-disclosure- boun...@lists.grok.org.uk] On Behalf Of
>>>George Carlson
>>>Sent: Friday, December 10, 2010 10:12 AM
>>>To: bugt...@securityfocus.com;
"Jeremy SAINTOT" wrote:
> Correct me if I'm wrong, but here is what I think of that :
You are wrong!
> A Domain user that is a Local admin of his workstation is different than
> a Domain user which is Domain Admin.
A local administrator has all the powers on his computer, while a domain
admi
If a bad guy got the local admin password, then the computer is in it's
control at 100%. No need to run script as a domain user, as the local
admin can already format the drive, or remove all security mesure.
The cached credential is a hash of a hash. (kinda long to crack)
Any good network admin
Correct me if I'm wrong, but here is what I think of that :
A Domain user that is a Local admin of his workstation is different than
a Domain user which is Domain Admin.
Then, a local admin whose account is an AD account can run scripts *on
his local machine* in the name of the domain admin.
T
> Vendor Notified: December 7, 2010
> Vendor Fixed: N/A
> Vendor Dismissed: December 9, 2010
"Law #6: A computer is only as secure as the administrator is trustworthy"
http://technet.microsoft.com/en-us/library/cc722487.aspx#EFAA
___
Full-Disclo
So you are saying that the use can perform action on the domain?
Things like create/delete user accounts. Your initial statement does
not say anything about taking action on any network resources. I find
it hard to believe that would be the case because user would not have
a valid kerberos ticket b
gt;-Original Message-
>From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-
>boun...@lists.grok.org.uk] On Behalf Of George Carlson
>Sent: Friday, December 10, 2010 10:12 AM
>To: bugt...@securityfocus.com; full-disclosure@lists.grok.org.uk
>Subject: Re: [
k] On Behalf Of jco...@winwholesale.com
>Sent: Friday, December 10, 2010 11:45 AM
>To: Stefan Kanthak
>Cc: stenopla...@exploitdevelopment.com; full-disclosure@lists.grok.org.uk;
>bugt...@securityfocus.com
>Subject: Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows
>Lo
"StenoPlasma @ www.ExploitDevelopment.com" wrote:
Much ado about nothing!
> TITLE:
> Flaw in Microsoft Domain Account Caching Allows Local Workstation
> Admins to Temporarily Escalate Privileges and Login as Cached Domain
> Admin Accounts
There is NO privilege escalation. A local administrator i
You are completely missing the point..
Local admins become Domain Admins.
From: "Stefan Kanthak"
To: ,
Cc:
Date: 12/10/2010 01:08 PM
Subject:Re: Flaw in Microsoft Domain Account Caching Allows Local
Workstation Admins to Temporarily Es
Your objections are mostly true in a normal sense. However, it is not
true when Group Policy is taken into account. Group Policies
differentiate between local and Domain administrators and so this
vulnerability is problematic for shops that differentiate between
desktop support and AD support.
From: Jeffrey Walton [mailto:noloa...@gmail.com]
Sent: Friday, December 10, 2010 6:38 AM
To: Thor (Hammer of God)
Cc: stenopla...@exploitdevelopment.com; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows
Local Workstation Admins to Temp
:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Marsh Ray
Sent: Thursday, December 09, 2010 11:34 PM
To: Mike Vasquez
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows
Local Workstation Admins to Temporarily Escalate Privilege
Microsoft Domain Account Caching Allows
Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached
Domain Admin Accounts (2010-M$-002)
On Fri, Dec 10, 2010 at 03:28:05AM +, Thor (Hammer of God) wrote:
> No "rouge user," only administrators.
Are the "roug
On Thu, Dec 9, 2010 at 10:07 PM, Thor (Hammer of God)
wrote:
> What do you mean by "regular local administrator"? You're a local admin,
> or you're not.
I believe the OP's intent was to differentiate between Local
Administrators and Domain (or Enterprise) Administrators. Corrections
from StenoPla
---
>
> ---- Original Message --------
>> From: "Thor (Hammer of God)"
>> Sent: Thursday, December 09, 2010 6:07 PM
>> To: "stenopla...@exploitdevelopment.com"
> , "full-disclosure@lists.grok.org.uk"
>
>> Subjec
On 12/09/2010 09:36 PM, Mike Vasquez wrote:
> You can dump the local cached hashes, take a domain admins,
My understanding is that after the target user has logged off, the
hashes which remain are only sufficient to validate a correct password.
I.e., they're like the classic /etc/passwd hashes b
re@lists.grok.org.uk
> Subject: Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching
> Allows Local Workstation Admins to Temporarily Escalate Privileges and Login
> as Cached Domain Admin Accounts (2010-M$-002)
>
> "In fact, I can just make the Domain Admin a "guest&q
om: StenoPlasma @ ExploitDevelopment
> [mailto:stenopla...@exploitdevelopment.com]
> Sent: Thursday, December 09, 2010 6:13 PM
> To: Thor (Hammer of God); full-disclosure@lists.grok.org.uk
> Subject: RE: [Full-disclosure] Flaw in Microsoft Domain Account
> Caching Allows Local Workstation Admins to
a @ ExploitDevelopment
[mailto:stenopla...@exploitdevelopment.com]
Sent: Thursday, December 09, 2010 6:13 PM
To: Thor (Hammer of God); full-disclosure@lists.grok.org.uk
Subject: RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows
Local Workstation Admins to Temporarily Escalate Priv
Account Caching
Allows Local Workstation Admins to Temporarily Escalate Privileges and
Login as Cached Domain Admin Accounts (2010-M$-002)
>
> Why all the trouble? Just change the log files directly when logged in
as the local admin. It's a whole lot simpler, and you don't
disclosure@lists.grok.org.uk
>Cc: stenopla...@exploitdevelopment.com
>Subject: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows
>Local Workstation Admins to Temporarily Escalate Privileges and Login as
>C
--
www.ExploitDevelopment.com 2010-M$-002
--
TITLE:
Flaw in Microsoft Domain Account Caching Allows Local Workstation
Admins to Temporarily Escalate Privi
31 matches
Mail list logo