Abstract
An attacker that has gained a foothold on a network using the techniques of Chapter 2 can use Metasploit and native tools to expand their influence. Metasploit comes with reconnaissance modules that allow the attacker to determine their user privileges, the domain controller(s), and the account names for the domain administrators. If the attacker has compromised a privileged account, there are methods to allow the attacker to bypass User Account Control (UAC) to gain SYSTEM privileges. If not, the chapter presents ways the attacker can try to gain SYSTEM privileges, including exploiting insecure configuration of the host or using one of the Metasploit privilege escalation modules.
Notes
- 1. Note that this example system is not connected to a domain.
- 2. The key is 4e 99 06 e8 fc b6 6c c9 fa f4 93 10 62 0f fe e8 f4 96 e8 06 cc 05 79 90 20 9b 09 a4 33 b6 6c 1b and is available from Microsoft at https://msdn.microsoft.com/en-us/library/Cc422924.aspx.
- 3. Be sure to use double backslashes when setting the Metasploit PATH variable.
- 4. This shell may not be entirely stable and may prevent legitimate users from logging in to the system.
- 5. The file /usr/share/wordlists/metasploit/password.lst contains non-ASCII characters that can cause the script to fail. One approach is to convert the file to ASCII characters with the command cat password.lst | iconv -f ISO-8859-1 -t ASCII//TRANSLIT > password_ascii.lst. The file also does not contain the default password used in these examples (password1!), so this has been appended to the list.
- 6.
- 7. The wordlist /usr/share/wordlists/metasploit/password.lst does not contain the password selected for these systems (password1!), so it has been added to this file.
- 8.
Copyright information
© 2019 Mike O'Leary
About this chapter
Cite this chapter
O’Leary, M. (2019). Attacking the Windows Domain. In: Cyber Operations. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-4294-0_8
DOI: https://doi.org/10.1007/978-1-4842-4294-0_8
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-4293-3
Online ISBN: 978-1-4842-4294-0