
Attacking the Windows Domain


Abstract

An attacker who has gained a foothold on a network using the techniques of Chapter 2 can use Metasploit and native tools to expand their influence. Metasploit comes with reconnaissance modules that allow the attacker to determine their user privileges, the domain controller(s), and the account names of the domain administrators. If the attacker has compromised a privileged account, there are methods that allow the attacker to bypass User Account Control (UAC) and gain SYSTEM privileges. If not, the chapter presents ways the attacker can try to gain SYSTEM privileges, including exploiting an insecure configuration of the host or using one of the Metasploit privilege escalation modules.


Notes

  1. Note that this example system is not connected to a domain.

  2. The key is 4e 99 06 e8 fc b6 6c c9 fa f4 93 10 62 0f fe e8 f4 96 e8 06 cc 05 79 90 20 9b 09 a4 33 b6 6c 1b and is available from Microsoft at https://msdn.microsoft.com/en-us/library/Cc422924.aspx.

  3. Be sure to use double backslashes when setting the Metasploit PATH variable.

  4. This shell may not be entirely stable and may prevent legitimate users from logging in to the system.

  5. The file /usr/share/wordlists/metasploit/password.lst contains non-ASCII characters that can cause the script to fail. One approach is to convert the file to ASCII characters with the command cat password.lst | iconv -f ISO-8859-1 -t ASCII//TRANSLIT > password_ascii.lst. The file also does not contain the default password used in these examples (password1!), so this has been appended to the list.

  6. https://support.microsoft.com/en-ie/help/3165191/ms16-077-security-update-for-wpad-june-14,-2016

  7. The wordlist /usr/share/wordlists/metasploit/password.lst does not contain the password selected for these systems (password1!), so it has been added to this file.

  8. http://www.openwall.com/john/doc/FAQ.shtml


Copyright information

© 2019 Mike O'Leary


Cite this chapter

O’Leary, M. (2019). Attacking the Windows Domain. In: Cyber Operations. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-4294-0_8
