Questions tagged [domain-controller]
22 questions
8
votes
1 answer
Impersonating a computer in a Windows domain
I've been trying to wrap my head around how computers are identified and granted access to a Windows domain. More specifically, I've been asking myself if whatever mechanism is involved really prevents faking the identity of a computer or not, and…
Oskar Lindberg
- 393
- 3
- 10
6
votes
1 answer
Can windows domains be faked?
Without the equipment and software (and knowledge yet) readily available to test myself, I've been wondering about the relationship between computers and domains in a Windows environment. Some information is available in answers like…
Oskar Lindberg
- 393
- 3
- 10
5
votes
2 answers
Is there a more secure way for users to log into the domain other than just passwords?
Say you have this:
An NPS server that grants access to users using client certificates (EAP-TLS).
So for example someone managed to snatch the domain administrator's password and they log in to the computer using the domain administrator's username…
Newlo Newly
- 145
- 1
- 1
- 6
5
votes
1 answer
DSquery leaking personal information
Today I found DSquery on one of my smb shares at work. I ran it to query users and since my company uses IC numbers as the unique CN, I got to see all my colleagues' ICs.
Firstly, is this considered a vulnerability?
and secondly how can this be…
jia chen
- 149
- 4
5
votes
1 answer
How does UNC path hardening and SMB signing work under the hood?
With a lot of unpatched versions of Windows in an Active Directory domain, one can man-in-the-middle a client when it connects to the domain controller and inject a group policy that gives an attacker local administrator privileges…
Volker
- 1,243
- 8
- 12
5
votes
1 answer
How to implement a password change policy when user's centralized password is in a lot of places?
I would like to implement password changing in an organization but they have the domain controller/LDAP passwords "all over the place". They have the passwords in a lot of places, for example, in mobile apps that authenticate against the LDAP, VPN…
Eloy Roldán Paredes
- 1,507
- 12
- 25
3
votes
0 answers
Centerized authentication/Monitoring for network
I am looking for an open source solution to authenticate the machines before they use the network services (internet/local lan/smb etc).
Currently I am using MS Domain Environment . but DC does not handles mobiles or PDAs.
I have in my network ,…
Asif
- 31
- 1
2
votes
0 answers
What legitimate services uses SAMR queries? And how to verify?
Recently I noticed that every few days, at (almost) the same time, one host is querying the Domain Controller for group members using SAMR calls. I am trying to understand why its happening continuously around the same time? is there a legitimate…
Onyx
- 21
- 1
2
votes
1 answer
Password reset for AD RODC-specific krbtgt_xxxxx accounts
While there's a lot of information [1], [2], [3] about resetting the password for the regular krbtgt account, but I haven't yet found a clear suggestion about RODC-specific krbtgt_xxxxx accounts.
Should those be rotated similarily to regular krbtgt…
plaes
- 121
- 4
2
votes
1 answer
How to safely extract hashes from domain controller for auditing?
I am looking for either tools or method that will extract the hashes and store them securely so that they can be placed onto a dedicated cracking station.
Obviously, they need to be transmitted and stored securely. Let's assume that the internal…
Arlix
- 1,459
- 3
- 13
- 22
1
vote
2 answers
Can a ransomware attack succeed with no root privileges, but instead if it does have privileged user access?
If an attacker succeeds in getting the password of an IT support privileged account (that has Domain Control rights), can he successfully carry out the attack and do the lateral movement needed between the Domain Controllers and/or users?
oolnux
- 33
- 1
- 5
1
vote
1 answer
Is it possible make a Pass-The-Hash attack with Responder?
The tool Responder written in Python permits to listen on a specific network card requests and automatically poisoning victims the steal hash NTLMv1 and hash NTLMv2.
The attack Pass-The-Hash permits to connect to a service like SMB.
I am a little…
Anonyme
- 274
- 2
- 8
1
vote
0 answers
Attack secure domain controller in environment with unique username/password combinations
I’ve already obtained local administrator on a domain user’s computer. Now, my target is one of the company’s domain controllers.
However, the domain controllers run no vulnerable services, and every username/password combination is unique across…
Shuzheng
- 1,097
- 4
- 22
- 37
1
vote
1 answer
A few files on a domain controller were encrypted - how could that have happened?
I've just realized that the policies on one of our Windows domain have been failing.
I've traced the problem and it turned out the INI files were encrypted by Globe ransomware (or one of its variants).
The files affected were all the policy INI…
Shaamaan
- 380
- 3
- 12
0
votes
0 answers
Does CVE-2020-1472 affect multiple domains
If a network has multiple domains (parent and child domains) each with a domain controller but only one child domain controller is vulnerable to CVE-2020-1472, would the parent and other child domains be affected if the vulnerable domain controller…