Full Disclosure mailing list archives
Re: Flaw in Microsoft Domain AccountCachingAllows Local Workstation Admins to TemporarilyEscalate PrivilegesandLogin as Cached Domain Admin Accounts (2010-M$-002)
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Mon, 13 Dec 2010 20:17:39 +0000
You knew where I was going with that, and I know that YOU know all this, so I'll just leave that one alone :) t
-----Original Message----- From: David Gillett [mailto:gillettdavid () fhda edu] Sent: Monday, December 13, 2010 11:14 AM To: Thor (Hammer of God); 'George Carlson'; bugtraq () securityfocus com; full-disclosure () lists grok org uk Subject: RE: [Full-disclosure] Flaw in Microsoft Domain AccountCachingAllows Local Workstation Admins to TemporarilyEscalate PrivilegesandLogin as Cached Domain Admin Accounts (2010-M$-002) If our users hadn't been local admins (not my choice), they would not have been able to eject Domain Admins from the Local Admins group in the first place.... David Gillett -----Original Message----- From: Thor (Hammer of God) [mailto:thor () hammerofgod com] Sent: Monday, December 13, 2010 10:49 To: David Gillett; 'George Carlson'; bugtraq () securityfocus com; full- disclosure () lists grok org uk Subject: RE: [Full-disclosure] Flaw in Microsoft Domain AccountCachingAllows Local Workstation Admins to TemporarilyEscalate PrivilegesandLogin as Cached Domain Admin Accounts (2010-M$-002) You made all domain users local admin? Or did you do some sort of RUNAS in the logon script?-----Original Message----- From: David Gillett [mailto:gillettdavid () fhda edu] Sent: Monday, December 13, 2010 10:16 AM To: Thor (Hammer of God); 'George Carlson'; bugtraq () securityfocus com; full-disclosure () lists grok org uk Subject: RE: [Full-disclosure] Flaw in Microsoft Domain Account CachingAllows Local Workstation Admins to Temporarily Escalate Privileges andLogin as Cached Domain Admin Accounts (2010-M$-002)If I take the domain admin out of my local administrators, they can't doanything. Done. Back when I did AD/domain support, all domain user accounts got a profile that included a trivial script to re-add Domain Admins to the Local Admins group. So this kind of local removal shenanigans lasted only until the user next logged into the domain. David Gillett
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002), (continued)
- Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) StenoPlasma @ www.ExploitDevelopment.com (Dec 13)
- Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Stefan Kanthak (Dec 13)
- Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Peter Setlak (Dec 13)
- Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Thor (Hammer of God) (Dec 13)
- Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Peter Setlak (Dec 13)
- Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Thor (Hammer of God) (Dec 13)
- Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Peter Setlak (Dec 13)
- Re: Flaw in Microsoft Domain Account CachingAllows Local Workstation Admins to Temporarily Escalate Privileges andLogin as Cached Domain Admin Accounts (2010-M$-002) David Gillett (Dec 13)
- Re: Flaw in Microsoft Domain Account CachingAllows Local Workstation Admins to Temporarily Escalate Privileges andLogin as Cached Domain Admin Accounts (2010-M$-002) Thor (Hammer of God) (Dec 13)
- Re: Flaw in Microsoft Domain AccountCachingAllows Local Workstation Admins to TemporarilyEscalate PrivilegesandLogin as Cached Domain Admin Accounts (2010-M$-002) David Gillett (Dec 13)
- Re: Flaw in Microsoft Domain AccountCachingAllows Local Workstation Admins to TemporarilyEscalate PrivilegesandLogin as Cached Domain Admin Accounts (2010-M$-002) Thor (Hammer of God) (Dec 13)
- Re: Flaw in Microsoft Domain AccountCachingAllows Local Workstation Admins to TemporarilyEscalate PrivilegesandLogin as Cached Domain Admin Accounts (2010-M$-002) Jeffrey Walton (Dec 13)
- Re: Flaw in Microsoft Domain Account CachingAllows Local Workstation Admins to Temporarily Escalate Privileges andLogin as Cached Domain Admin Accounts (2010-M$-002) Michael Bauer (Dec 13)
- Re: Flaw in Microsoft Domain Account CachingAllows Local Workstation Admins to Temporarily EscalatePrivileges and Login as Cached Domain Admin Accounts (2010-M$-002) Stefan Kanthak (Dec 12)
- Re: Flaw in Microsoft Domain Account CachingAllows Local Workstation Admins to Temporarily EscalatePrivileges and Login as Cached Domain Admin Accounts (2010-M$-002) Michael Wojcik (Dec 13)
- Re: Flaw in Microsoft Domain Account CachingAllows Local Workstation Admins to Temporarily EscalatePrivileges and Login as Cached Domain Admin Accounts (2010-M$-002) Thor (Hammer of God) (Dec 13)
- Re: Flaw in Microsoft Domain Account CachingAllows Local Workstation Admins to Temporarily EscalatePrivileges and Login as Cached Domain Admin Accounts (2010-M$-002) Michael Bauer (Dec 13)
- Re: Flaw in Microsoft Domain Account CachingAllows Local Workstation Admins to Temporarily EscalatePrivileges and Login as Cached Domain Admin Accounts (2010-M$-002) Marsh Ray (Dec 13)
- Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Thor (Hammer of God) (Dec 10)
- Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002) Steve Cobb (Dec 13)