Hacks Weekly #2: Microsoft Local Admin Password Solution (LAPS)

Hacks Weekly #2: Microsoft Local Admin Password Solution (LAPS) - Deployment Steps

Рет қаралды 54,313

Күн бұрын

Пікірлер: 39

@danking7830 8 жыл бұрын

Great tutorial. At 12:00 the rights you are looking for are farther down the list, not the "All Extended Rights". There are 4 with the following naming convention: "ms-Mcs-AdmPwd*" . Those are the ones associated with the LAPS schema and where passwords are stored.

@BernardoAmorim 6 жыл бұрын

Ok so now I have to implement this across my company domain!!! Thanks Alot! Its a gresat video! You make these computers more human!!!

@jeliazkozlatev3940 3 жыл бұрын

i was wondering if you can make some series of videos on securing default windows installation i.e. best practices

@CQUREAcademy 3 жыл бұрын

That's a great idea!

@aksfortech Жыл бұрын

Awesome Madam !

@RichardDalrympleplus 2 жыл бұрын

Were do you see logs?

@tjokkerstar1462 7 жыл бұрын

Why was helpdesk not checked in "All extended rights" if that is what makes them able to read?

@tomdrozdek4751 3 жыл бұрын

They needed to scroll down to see the checked items.

@lijie6431 6 жыл бұрын

Can you mitigate pass the hash exploit by disabling Ntlm?

@waseemhacks707 5 жыл бұрын

Full episode link please ?

@maninder1984 2 жыл бұрын

Thank you, very good information

@CQUREAcademy 2 жыл бұрын

Thank you!

@TheStevenWhiting 6 жыл бұрын

I assume you need more permissions that domain admin to update the adschema? I had to just use psexec to run powershell as system so I could do the update. Schema Admins by any chance?

@jordangelino1387 7 жыл бұрын

Great video! Thanks for sharing.

@nadeemali79 7 жыл бұрын

interesting and excellent share

@virtualallocex1062 5 жыл бұрын

Very nice Video, thank you!

@Blueraazor 8 жыл бұрын

Good job!

@larson123123 7 жыл бұрын

Yeah, good job. It's on the 70-744 exam.

@ukaszkoteluk8791 7 жыл бұрын

Po zastosowaniu się do wszystkich kroków i wygenerowaniu nowego hasła, nadal obowiązuje stare hasło , z którego do tej pory korzystałem. Czyżbym nie do końca rozumiał idei tego narzędzia?

@itai1984 7 жыл бұрын

Just wondering , in the real world each endpoint has at least AV and sometimes additional anti malware tools, is this tool is still effective besides the POC concepts shown here?

@Ruchikun 7 жыл бұрын

the tool can be customized and bypass any AV

@vijayreddy804 7 жыл бұрын

Very Helpful

@jstump1972 8 жыл бұрын

Does the management side of LAPS have to be installed on a Domain Controller?

@double-you5130 7 жыл бұрын

YES - that is how you get your admx and adml files in your loca policy store then you copy the admpwd.admx/l files to your adml/s policy store on your sysvol.

@arjunkashyap7360 6 жыл бұрын

Why would I need a hash to get access of other system's local admin when the password of my machine and their machine is same because to perform the hack , i need admin privilege which i will only be having if i am having the password of that local admin. Please correct me if i am wrong or missing something.

@zackcato3976 4 жыл бұрын

addc

@jstump1972 8 жыл бұрын

how to separate permissions to view password on client computer versus servers, we would not want the desktop team folks to see servers local admin passwords.

@double-you5130 7 жыл бұрын

you dont install the GUI on the clients - only on the server. so you can only look at passwords on server. since you will deploy this with GPO and the default for the msi package is client only. there ill be no issue.

@drunkenduck2 5 жыл бұрын

I follwed the tut, but i dont can read a password. The dc is running in a vm. I am the Domain Administrator. No way to read password. Especially i cant See if my Configuration is working.

@CQUREAcademy 5 жыл бұрын

In this tutorial, we are extracting hashes, not passwords. However, if you have problems with extracting the hash from the SAM database, it may be caused by not having enough privileges. Please make sure you used psexec to elevate to the local system (as Paula is doing in the video) and then verify if it was successful with “whoami” command. Also please note that you need to run CQHashDumpv2 or Mimikatz from that very terminal window which is running under “nt authority\system”