Network vs. PC Privileges

Thread: Network vs. PC Privileges

  1. #1
    Junior Member
    Join Date
    Mar 2006
    Posts
    11

    Network vs. PC Privileges

    I have been researching methods of gaining administrator privileges on computers one has physical access to for a few weeks now. I have recently had a (relative to newbish) breakthrough.
    On PCs on a larger network I have read about many ways to get administrator on the PC and they are great methods. The problem I have requires that I first make a supposition though. This question seems rather ambiguous to me, but I'm sure that is just due to the wetness behind my ears.
    Suppose when logging on to Windows XP you have the choice of logging onto a) the network or b) the PC. Using standard methods of account promotion (cracking the local SAM with syskey), you've obtained an administrator user account; but this account is for the PC not the network and you are therefore not satisfied.
    When roaming through the hard drive you've noticed NTuser.dat files and many folders of network users and not local users. The question is (finally, if you haven't already guessed) how would you poise yourself to go after getting a network account, especially an admin account that you may or may not know the name of?
    Cheers!

  2. #2
    Banned
    Join Date
    Jun 2005
    Posts
    445
    I would wait until an administrator has logged off of the machine, and just grab the cached logon.


    Many administrators do not take steps to prevent this.

  3. #3
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Local administrator groups should not contain the server administrator account....only the domain administrators group...which again is a limited group...they can't elevate you to the server admin...afaik

    All depends on the setup...and the admin.

    As for cracking the SAM....that is where strong passwords would circumvent.....unless you have A LOT of time....and a very fast computer/s


    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    I am inclined to agree with Morgana~ on this one. The box should have a local admin group only.

    There really is no logical reason for it to have the server administrator, unless it is used for that purpose. I would think that you would need to be using a machine in the network support area.

    Also, servers are frequently protected by device specific rules, so admins can only log on from designated machines. Naturally, these are protected by a different level of physical security.


  5. #5
    Junior Member
    Join Date
    Mar 2006
    Posts
    11
    Thanks for your replies.
    As for the SAM, that was a cinch.
    Once logged on as local admin, there was a folder of a network admin account in documents and settings. Within this there were nt user files. Can those be used to recover the pw of that account?
    This is a sub-net of an even larger server.

    Also d0pp, could you briefly explain what you mean by grabbing the cached login or send me in the right direction?

    Thanks a lot guys.
    "The Bun is in your mind."

  6. #6
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Originally posted here by morganlefay
    ...
    As for cracking the SAM....that is where strong passwords would circumvent.....unless you have A LOT of time....and a very fast computer/s


    MLF
    What about http://www.rainbowcrack-online.com/ for cracking the passwords? I think that would remove the time/cpu power obstacle. I mean, that is the point of rainbow tables...
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi Zen~ this is an interesting subject to me.

    As I understand things, rainbow tables are sort of exponential. Like a 14 character set takes up 60Gb.....and so on?

    We are AFAIK talking pure "brute force" are we not?

    So, if I have enough storage and a half decent processor I should be able to crack a pass inside 24 hours? Storage would be the problem?

    I believe that Billy Windows supports a 127 character pass, with one check digit making 128 in all? Those would be one hell of a set of rainbow tables? We have got to be talking terabytes?

    I am rather out of my depth here, but I have mentioned the concept of "packing" a password, and had no feedback.

    Say I have a "core" PASSWORD and I just add stuff in front and behind.

    !"$%^&*()_+PASSWORD`1234567890-=

    I can pretty soon get to a very long password without having to remember anything but the "core"?

    Comments appreciated

  8. #8
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Well if you want internet access on my network...you have to have an account with access...cause a local account wont do it....so you wont have access to the site

    As for admin passwords...MS recommends 26 characters minimum....supposed to take an extremely long time to crack......

    So, if I have enough storage and a half decent processor I should be able to crack a pass inside 24 hours? Storage would be the problem?
    ...........or an extremely powerful machine....no???


    I guess if you get the data and then take it off site...then crack it..and come back..maybe the passwords would be changed by then..


    This is beyond me...but good password policies *should* be able to circumvent an attack of this nature...

    IMHO

    as always

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  9. #9
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi Morgana~

    ...........or an extremely powerful machine....no???
    Hey, I am no expert, but I don't think so. The idea of rainbow tables is that they are precomputed solutions (not like John the Ripper) so the issue has to be more one of storage space?

    The actual look up and compare should not be so much of an issue?

    I am still curious as to whether my "packing" concept would work, given that all the characters are hashed and the rainbow process seems to be a straight comparison?


  10. #10
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    MS also recommends the *Pass Phrase*...

    Is that what you are referring to Nihil??

    "t0day I would like to see you crack my pa$$word....good luck : )"

    How long do you think a rainbow table would take to crack that???

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer
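
The question running through posts #7 to #10 is whether length alone puts a password outside what a precomputed table can cover. As an added example (not part of the original thread), this Python sketch sizes the search space for the two passwords quoted above and checks them against a hypothetical table; the 8-character alphanumeric table, the chain length of 10,000 and the 16 bytes per stored chain are assumptions chosen for illustration.

```python
import string

# Character classes used to size the search space (printable ASCII only).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation + " ",
}

def charset_for(password):
    """Union of the character classes the password draws from."""
    return "".join(chars for chars in CLASSES.values()
                   if any(c in chars for c in password))

def keyspace(charset_size, max_len):
    """Number of candidate strings of length 1..max_len."""
    return sum(charset_size ** n for n in range(1, max_len + 1))

def table_covers(password, charset, max_len):
    """A precomputed table only hits passwords inside the space it was built for."""
    return len(password) <= max_len and all(c in charset for c in password)

def table_bytes(space, chain_len, bytes_per_chain=16):
    """Idealised rainbow-table size: one stored start/end pair per chain,
    each chain standing in for chain_len candidates (merges ignored)."""
    return -(-space // chain_len) * bytes_per_chain

def assess(password, chain_len=10_000):
    charset = charset_for(password)
    space = keyspace(len(charset), len(password))
    return {"length": len(password), "charset": len(charset),
            "keyspace": space, "table_bytes": table_bytes(space, chain_len)}

# Constructed inputs: the two passwords quoted in the thread, plus a
# hypothetical table built for mixed-case alphanumerics up to 8 characters.
PACKED = '!"$%^&*()_+PASSWORD`1234567890-='
PHRASE = "t0day I would like to see you crack my pa$$word....good luck : )"
ALNUM8 = (string.ascii_letters + string.digits, 8)

if __name__ == "__main__":
    print("alnum<=8 table:", table_bytes(keyspace(62, 8), 10_000) / 2**30, "GiB")
    for pw in ("PASSWORD", PACKED, PHRASE):
        print(table_covers(pw, *ALNUM8), assess(pw))
```

The keyspace figure assumes every character is chosen at random; padding that follows a guessable pattern around a dictionary word is weaker than the raw number suggests.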
