RE: How to get the list of domain admins

[Roni Bachar <roni () avnet co il>]

The best way to do it is connecting to the IPC$ via anonymous or connect to the active directory via  ldap.

Some time the restrictanonymous will block you and sometimes it wouldn't depend on the system Harding.


you can do it manually or use a automate tools like enum,nbt enum,ldap enum etc..

Now some of the tools give you the ability to check for groups

Example:

enum -G

And some of the tools will get the sid and from there you can find out who is administrator

http://www.windowsecurity.com/articles/Protecting-Administrator-Account.html

Hope it helps

Roni Bachar
Avnet Penetration team manager
www.avnet.co.il


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Shankar Arjunan
Sent: Friday, July 18, 2008 8:23 AM
To: pen-test () securityfocus com
Subject: How to get the list of domain admins

Hi all,

Can anyone tell me how to get list of users who are having domain admin
rights in a domain.  I vaguely remember using it through command line
utility net use or net localgroup ..

Thanks in advance
Shankar


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------