Windows Privilege Escalation - SeBackupPrivilege

Рет қаралды 7,232

Conda

Күн бұрын

Пікірлер: 24

@0xbro 3 жыл бұрын

Woah didn't know this technique! Thank you so much!

@c0nd4 3 жыл бұрын

No problem! It's a fun one

@hewfrebie2597 3 жыл бұрын

Can you make video about setting up metasploitable3 both ubuntu 14.04 and windows 2008 that uses a Vagrant and Packer?

@horusyt4828 2 жыл бұрын

I'm adding user to backup operator but they can't access my shared folder if they are sitting in different location under domain

5 ай бұрын

i had a problem when i typed "evil-winrm -i -u Administrator -H ", i received "Error: An error of type WinRM::WinRMAuthorizationError happened, message is WinRM::WinRMAuthorizationError Error: Exiting with code 1" Can you help me fix this? thank you!

@TheBash000 2 жыл бұрын

Do we need the SEBackupPrivilege script if we can already use Shadow Copies and mount to a new drive? We can just download the hives directly from x: ?

@quanghuyang2822 Жыл бұрын

Hi, I'm new to the world of security administration, and I was hoping to get some guidance from someone with your expertise. Do you have any advice on mapping out a career path in this area?

@nate8824 3 жыл бұрын

Thank you! As someone who's preparing for the oscp and struggling with windows privesc techniques, this really helps. Please upload more videos like these. 😀

@c0nd4 3 жыл бұрын

Glad i can help! I do plan on continuing this series.

@nate8824 3 жыл бұрын

@William Frank yes it is!

@Cossaw 2 жыл бұрын

@@nate8824 gotta love Near :)

@ashr_ 2 жыл бұрын

Highergrade, do this with an account with no remote logon access...

@Cossaw 2 жыл бұрын

oooh I see you like deathcore ;)

@kingsleyndubuisinwobu9021 3 жыл бұрын

Thanks Conda , you are doing an amazing work. Pls more videos like this.

@c0nd4 3 жыл бұрын

Thank you!

@Cossaw 2 жыл бұрын

These videos are so clean. Thanks for making them! On somewhat of a side note; what are some common ways to be able to start attacking AD, but from an external network starting point?

@c0nd4 2 жыл бұрын

Thank you! If you're talking about an external standpoint, I'm going to assume the DC isn't accessible and you're only hitting targets in a DMV. In that case, password spraying or gaining a foothold on a domain joined machine in some way is going to be vital.

@Cossaw 2 жыл бұрын

@@c0nd4 Do you mean DMZ? So would something like bruteforcing VPN and OWA credentials be a good idea?

@c0nd4 2 жыл бұрын

Yeah I meant DMZ, autocorrect lol. Those are both good ideas. And when doing this it's important to check the password lockout policy with a client to ensure you don't lock all the accounts out.

@Cossaw 2 жыл бұрын

@@c0nd4 Gotcha! Yup, good advice. Feel free to lemme know if there's other good paths in. External assessments might be rather close to adversary simulation in some regards. Full attack chain from complete outsider with only access to some externally facing servers and OSINT, to eventually attempting DC takeover. Scary stuff