Active Directory KungFu – Messing With Users & Computers

Recently on an internal Pentest, I needed to get a new user into the Domain Admins group, which I couldn’t manage to accomplish with the usual net localgroup group username /add /domain command, I had managed to add a user to the domain – daveisahacker – using net user daveisahacker Password123 /add /domain.

I really need to get a user into Domain Admin, and as I had a token impersonation of domain admin, but couldn’t sign on to a DC because I had no password.

So I thinks what about the Directory services commands – DSQUERY, DSMOD, and all of the other DS commands, I might be able to add a user to the Domain Admins group that way.

DSQUERY Command @ Technet

http://technet.microsoft.com/en-us/library/cc732952(WS.10).aspx

DSMOD Command @ Technet

http://technet.microsoft.com/en-us/library/cc732406(WS.10).aspx

So, OK lets have a look at these command and what to do with them.

Continue reading

Re Think On Pentest Lab – We Go Totally Open Source

Having played around with my previous Virtual Pentest Lab and found it more than up to the job, Citrix’s Xenserver is after all the best Virtualisation system around and for not very much money or free if you don’t need the fancy extra’s – I have a 2 node Xenserver system with an OPenFiler SAN at the office without the essentials licence and it makes life sooooo easy.

Anyways we digress, back to my home Pentest lab, well I go back to the day job, because another virtualisation system I have setup at the office is a fantastic product created by the guys at Proxmox – http://www.proxmox.com/products/proxmox-ve

Continue reading