So I've popped a shell on a primary domain controller (PDC) which has NT\SYSTEM permissions on the box. I've created a local admin user account using the following commands:
net user myname myc0mpl3x password /add
net localgroup administrators myname /add
However, I'd prefer to have Domain Administrator permissions, as this will make my network-wide exploitation much simpler. My understanding is that this is possible; however, I can't find any references or information on how.
I've also attempted using:
dsquery user -samid name.of.dom.acc.i.know | dsmod user -pwd co0mmmpl3xx
to reset the password of an account I know has permissions but that's caused my shell to freeze for some reason.
I will try using
net user name.of.dom.acc.i.know c0mpl3dxcfd
but I'm not sure of that either.
How else can I create an account with domain admin permissions (I'd rather create one than reset another account's password)?
Are there other simple privilege escalation tricks I can do via command line?