Tag Archives: LAPS

A long old way to Domain Admin: Propagating Infections

On a recent penetration test I made heavy use of Sec-1 Ltd’s tool sharecheck in a way to gain Domain Administrator privileges that had previously been missed. Effectively there was a lot of ground work in horizontal propagation which I automated through Meterpreter and Sharecheck.

I’ve mentioned Sharecheck before on my Internal Penetration Testing post, but I don’t believe I’ve ever ran through the features of this tool which I make use of on almost every test. Effectively this tool allows you to do four main things:

Continue reading: A long old way to Domain Admin: Propagating Infections

Deploying: Microsoft’s Local Administrator Password Solution (LAPS)

A common and critical vulnerability exploited during penetration tests is that of reused Local Administrator passwords. This issue is a common one it allows an attacker to find a vulnerable machine on a network, pull the administrative hash out of that machine and then log-in to a more interesting machine or ultimately privilege escalate.

Continue reading: Deploying: Microsoft’s Local Administrator Password Solution (LAPS)