Metasploit mailing list archives
incognito module list_tokens question and add_group_user remark
From: nyga at freemail.hu (Nagy Istvan)
Date: Wed, 9 Sep 2009 08:26:02 +0200 (CEST)
helo! I was playing with the meterpreter shell especially with the incognito module. I would have some questions. First I describe what I did: I have a dc, a member server, and an attacker machines. the attackers machine not a domain member of course. On the DC I created a new user named a. I made this user the memeber of three groups: GlobalGroupofA it was a global group, DLGroupofA it was a domain local group, and UGroupofA yes, it was a universal group. I started a notepad in the name of this newly created user on the member server. Through an exploit I sent a meterpreter shell to the server machine, I become administrator. I used the ps, and migrate command to go to the winlogon process, to get system right, It worked. then I used the list_tokens -u command, I saw the user administrator, network service, local service, etc. and user a. then I used the list_tokens -g command, I saw the usual groups like administrators, users, thisorganization (what is it? I doi not know, just see it always) BUT I did SEE OLNY the UGroupofA not GlobalGroupofA neither DLGroupofA. Can anyone explain me why is this happens? why do I see with list_tokens -g the universal groups, but do not see global or domain local. Thanks in advance. One more remarks, I also was playing withe the add_group_user command, it can also add a user to a universal group, not only to a global group, as it is mentioned on the help. one just has to use the -h nameorIP of the dc option. ________________________________________________________<br>-10% KEDVEZM?NY MINDEN rakt?ron l?v? AEG – ELECTROLUX – ZANUSSI h?ztart?si g?p felt?ntetett ?r?b?l!<br>S?t?+f?z?lap szettek – mosogat?g?pek – mos?g?pek – t?zhelyek – h?t?k ORSZ?GOS h?zhozsz?ll?t?ssal!<br>RENDELJ GYORSAN! – Az akci? 09.20-?n 24 ?r?ig tart! AEGshop.hu<br>http://ad.adverticum.net/b/cl,1,6022,350141,432510/click.prm
Current thread:
- incognito module list_tokens question and add_group_user remark Nagy Istvan (Sep 08)