With the default configuration on Windows it is possible to log in and execute commands as the local administrator user remotely. This can be done a few ways, and in fact you don't even need the password, only the hash.

There are tools to make it easy to exploit this situation, such as: https://byt3bl33d3r.github.io/getting-the-goods-with-crackmapexec-part-1.html

This article explains how it is possible to use WMI when you know admin credentials to execute commands, and references other techniques: https://www.trustedsec.com/june-2015/no_psexec_needed/

The techniques listed in that article all provide a way with a local administrator account to get code execution on a remote box with the Windows default settings (at least up to Windows 7 (I am not completely sure about 8/10)).

Last edited by surferxyz; 05-11-2017 at 03:44.
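A detection-side view of the situation described in the post above, as an added example that is not part of the original post: on the target machine, a remote login with the local administrator's password or hash is recorded as a Security event 4624 network logon over NTLM. The field names are those of the 4624 event data; the flat dictionary layout, the host names, SIDs and addresses are constructed for illustration.

```python
import re

# The built-in Administrator account always has RID 500 at the end of its SID.
RID_500 = re.compile(r"^S-1-5-21-\d+-\d+-\d+-500$")

def is_local_admin_network_logon(ev):
    """True for a 4624 network logon (type 3) over NTLM by the local RID-500 account."""
    host = ev.get("Computer", "").split(".")[0].upper()
    return (
        ev.get("EventID") == 4624
        and str(ev.get("LogonType")) == "3"            # 3 = network logon
        and ev.get("AuthenticationPackageName", "").upper() == "NTLM"
        and RID_500.match(ev.get("TargetUserSid", "")) is not None
        # A local account authenticates with the machine name as its domain.
        and ev.get("TargetDomainName", "").upper() == host
    )

def flag(events):
    """Return (computer, account, source address) for every matching event."""
    return [(e["Computer"], e["TargetUserName"], e["IpAddress"])
            for e in events if is_local_admin_network_logon(e)]

# Constructed sample events (assumed to be exported from the Security log as dicts).
SAMPLE_EVENTS = [
    {"EventID": 4624, "Computer": "WS01.corp.example", "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "TargetUserName": "Administrator",
     "TargetDomainName": "WS01", "IpAddress": "10.0.0.23",
     "TargetUserSid": "S-1-5-21-1111111111-2222222222-3333333333-500"},
    # Same account at the console: interactive logon, not remote.
    {"EventID": 4624, "Computer": "WS01.corp.example", "LogonType": 2,
     "AuthenticationPackageName": "Negotiate", "TargetUserName": "Administrator",
     "TargetDomainName": "WS01", "IpAddress": "127.0.0.1",
     "TargetUserSid": "S-1-5-21-1111111111-2222222222-3333333333-500"},
    # Domain user over Kerberos: ordinary file-share access.
    {"EventID": 4624, "Computer": "WS02.corp.example", "LogonType": 3,
     "AuthenticationPackageName": "Kerberos", "TargetUserName": "alice",
     "TargetDomainName": "CORP", "IpAddress": "10.0.0.40",
     "TargetUserSid": "S-1-5-21-4444444444-5555555555-6666666666-1104"},
    # Domain Administrator (also RID 500) over NTLM: not a local account.
    {"EventID": 4624, "Computer": "WS02.corp.example", "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "TargetUserName": "Administrator",
     "TargetDomainName": "CORP", "IpAddress": "10.0.0.41",
     "TargetUserSid": "S-1-5-21-4444444444-5555555555-6666666666-500"},
]

if __name__ == "__main__":
    for hit in flag(SAMPLE_EVENTS):
        print("local Administrator network logon:", hit)
```

The event looks the same whether the password or only the hash was used, so this flags the logon itself rather than the technique.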