From: James Guse (guse1LLNL.GOV)
Date: Fri Apr 20 2001 - 20:17:30 CDT
At 10:41 AM 4/20/2001 -0400, you wrote:
>It should be pointed out that anyone with local Admin privileges on a box
>that has a Domain Account-based service running can easily run l0phtcrack,
>or some similar tool, against their own SAM and determine the password of
>the service account that way.
>The technique Tony describes [...] is just another manifestation of the
>problems blindly giving Local Admin access create.
No, it's a manifestation of the problem of blindly giving Domain Admin
credentials to processes running on a machine fully controlled by someone
(i.e., the 'someone' has Local Admin or physical access) who shouldn't
have access to those credentials. That's not fundamentally different than
logging on as Domain Admin on any machine fully controlled by someone you
don't want capturing the Domain Admin credentials.
Put another way, I see no Windows vulnerability here. I find no standard
services on a typical NT Workstation that require domain admin credentials,
so what services should we look out for that either must, or incorrectly
do, run this way? The real question is when/where one might encounter this