Thursday, October 6, 2011

Domain Exploitation

Twenty-six hundred (usually written with numerals, 2600, rather than spelled out) is a magazine that I enjoy reading to find out what the latest security holes are from those who find them. In one of my older issues I came across an interesting article detailing how to turn a 'local machine' administrator into a 'domain' administrator.

I am not going to post the code that was detailed in the article, but it is a fairly straightforward procedure that I will vaguely describe (in case this has not been patched). A batch file with basically four lines of code, placed in the All Users Startup folder, will be run by any user logging onto that computer, most importantly a current domain administrator.

If you don't want to rely on that you can create another batch file that will propagate over the entire domain. Kinda spooky but good to keep an eye on.
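One way to keep an eye on it, as an added example that is not from the 2600 article or the original post: a PowerShell audit of the All Users Startup folder that lists anything that would run at logon and reports who besides administrators can write there. The extension list and the set of expected writers are assumptions to adjust for your environment, and the account names assume an English-language Windows install.

```powershell
# Added example: audit the All Users Startup folder for logon scripts and loose ACLs.
# Assumption: run locally in Windows PowerShell 5.1 or later with rights to read the ACL.
$startup = [Environment]::GetFolderPath('CommonStartup')

# File types that execute when placed in a Startup folder (constructed list, extend as needed).
$scriptExt = '.bat', '.cmd', '.vbs', '.js', '.ps1', '.lnk', '.exe'

# Principals expected to hold write access (assumption); any other writer is reported.
$expectedWriters = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
                   'NT SERVICE\TrustedInstaller'

# Bits that let a principal add, change or replace files in the folder.
# 0x40000000 and 0x10000000 are GENERIC_WRITE and GENERIC_ALL, which some ACEs carry raw.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership' -bor
             0x40000000 -bor 0x10000000

# 1. Everything in the folder that would run at the next logon of any user,
#    with owner, timestamp and hash so it can be compared against a known baseline.
Get-ChildItem -LiteralPath $startup -File -Force |
    Where-Object { $scriptExt -contains $_.Extension.ToLower() } |
    Select-Object Name, LastWriteTime,
        @{ n = 'Owner';  e = { (Get-Acl -LiteralPath $_.FullName).Owner } },
        @{ n = 'SHA256'; e = { (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash } }

# 2. Allow entries on the folder that grant write access to unexpected principals.
(Get-Acl -LiteralPath $startup).Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $writeBits) -and
        $expectedWriters -notcontains $_.IdentityReference.Value
    } |
    Select-Object IdentityReference, FileSystemRights, IsInherited
```

An empty result from both queries means nothing scriptable is staged in the folder and only the expected principals can write to it.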

Dunn, D. (2010, Autumn 00). How to turn local admin into domain admin. 2600: The Hacker Quarterly, 27(3), 68.
