Aloco

Domain Administrator Access

5 posts in this topic

Is it possible to gain administrator access as a local administrator and domain user? I am able to ping other users, and I can list all admins etc.

Thanks.

I'm not sure I understand your question fully. To log in to a domain, it will authenticate from either a PDC, a BDC, or Active Directory. The local admin user will authenticate from the local system with credentials stored in the SAM file. If the local user (in this case the administrator account) has the same user name and password both locally and on the network, it will automatically log in to the domain and local system. That is how it worked on older NT domains.

Local administrator has access to the entire local system. Domain administrator has access to the domain, and can access network services and Active Directory for the domain. Local administrator has no access to domain services.

Just curious, what do you mean when you say "ping a user"? I think you can only ping hosts on the network.

I do have access to list Active Directory. I know the difference between local and domain admin; I just wondered if you can run a command in order to change one of the admins' passwords. Of course, "net user admin * /domain" won't work due to error 5, but all I currently have is the admins' usernames, and in some cases full, real names, from the "net group "Domain Admins" /domain" command and the "net user [admin_username] /domain" command.

On the domain I am trying to gain access to, each user is given an individual local IP for the domain (one with numbers and one [info].username.[domainname]). I can ping both.

It is just kinda difficult to know exactly what you are asking. You can list Active Directory, but do you have domain admin access? If so, use dsmod. If you only have user-level access, no, you cannot change an admin passwd, unless you can find a way to elevate domain privs. If so, any domain user could change any password on the system. To my knowledge there is no public exploit to do this on a fully patched system.

Ok, that basically answered my question. English is not my first language, so I have a hard time expressing myself.

Thanks for the answer.
