#5, 05-11-2017, 03:39
surferxyz
With the default configuration on Windows it is possible to log in and execute commands as the local administrator user remotely. This can be done a few ways, and in fact you don't even need the password, only the hash.

There are tools to make it easy to exploit this situation such as:
https://byt3bl33d3r.github.io/getting-the-goods-with-crackmapexec-part-1.html

This article explains how it is possible to use WMI when you know admin credentials to execute commands and references other techniques:
https://www.trustedsec.com/june-2015/no_psexec_needed/

The techniques listed in that article all provide a way, with a local administrator account, to get code execution on a remote box with the Windows default settings (at least up to Windows 7; I am not completely sure about 8/10).

Last edited by surferxyz; 05-11-2017 at 03:44.
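The techniques the post points at all leave a trace on the target: a network logon by a local account, followed by a process whose parent is the WMI provider host. Here is an added detection example (my code, not from the post or the linked articles) that correlates the two over constructed sample Security-log records; the field names follow the 4624/4688 event schema, while the host name, IP addresses and timestamps are made up.

```python
# Added example: correlate a network logon by a local account (event 4624,
# logon type 3, NTLM) with a process later spawned by WmiPrvSE.exe (event 4688),
# which is how remote WMI command execution appears on the target machine.
# All records below are constructed samples, not real log data.
from datetime import datetime, timedelta

HOST = "WS01"  # constructed hostname; local accounts log on with TargetDomainName == HOST

EVENTS = [  # constructed sample Security-log records
    {"id": 4624, "t": "2017-05-11T03:39:01", "LogonType": "3",
     "AuthenticationPackageName": "NTLM", "TargetUserName": "Administrator",
     "TargetDomainName": HOST, "IpAddress": "10.0.0.5"},
    {"id": 4688, "t": "2017-05-11T03:39:03",
     "ParentProcessName": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "NewProcessName": r"C:\Windows\System32\cmd.exe",
     "SubjectUserName": "Administrator", "SubjectDomainName": HOST},
    {"id": 4624, "t": "2017-05-11T04:10:00", "LogonType": "2",
     "AuthenticationPackageName": "Negotiate", "TargetUserName": "alice",
     "TargetDomainName": "CORP", "IpAddress": "-"},
]

def _ts(e):
    return datetime.fromisoformat(e["t"])

def is_local_account_network_logon(e):
    """Network logon (type 3) over NTLM by an account whose domain is the host itself."""
    return (e["id"] == 4624 and e["LogonType"] == "3"
            and e["AuthenticationPackageName"] == "NTLM"
            and e["TargetDomainName"].upper() == HOST.upper())

def is_wmi_spawned_process(e):
    return e["id"] == 4688 and e["ParentProcessName"].lower().endswith("wmiprvse.exe")

def find_remote_wmi_exec(events, window=timedelta(minutes=5)):
    """Return (logon, process) pairs where a WMI-spawned process follows a
    local-account network logon by the same user within `window`."""
    hits = []
    logons = [e for e in events if is_local_account_network_logon(e)]
    for p in (e for e in events if is_wmi_spawned_process(e)):
        for l in logons:
            same_user = l["TargetUserName"].lower() == p["SubjectUserName"].lower()
            if same_user and timedelta(0) <= _ts(p) - _ts(l) <= window:
                hits.append((l, p))
    return hits

if __name__ == "__main__":
    for l, p in find_remote_wmi_exec(EVENTS):
        print(f"{l['t']} {l['IpAddress']} -> {l['TargetUserName']} ran {p['NewProcessName']} via WMI")
```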