Results 1 to 3 of 3

Thread: Local Admin -> Domain Admin

  1. #1
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    5

    Default Local Admin -> Domain Admin

    I am an IS group intern working at my fathers company over the summer. Basically i have a lot of downtime and an interest in pentest and security risk scenarios. So i talked to my boss and in my spare time i am working on i guess finding flaws in the system/just learning different stuff. I am a domain admin but i was interesting in trying to access domain accounts as if an outside person.

    So far i was able to crack the local SAM passwords that are located on the workstations and able to login as a local administrator. However, i am having difficulties cracking the cached domain stores. I realize they are much harder due to them being salted though they take forever to crack. I even changed my domain acct pw to abc123 than cached those credentials and dumped them and it still says like 2+ days to crack within john. I also tried pass the cache in metasploit but kept hitting deadends because that program is still over my head as of right now.

    I was wondering if there were any other type of methods that i could try. I know we use OneSign stores your domain password and instantly logs you into different networked programs when you launch them, but haven't been able to locate those pws. I have a basic knowledge of linux and wanted to get better. I am a SRA major at PSU but we havent gotten to the core level classes yet.

    Thanks

    Oh were using xp workstations with 2003 AD's. Also i managed to set up a copy of are AD and an XP workstation into VMware and have been playing around primarily in there.

  2. #2
    Junior Member Liuser's Avatar
    Join Date
    Apr 2010
    Posts
    58

    Default Re: Local Admin -> Domain Admin

    What command are you using for JTR? JTR will not crack the cache passwords unless you explicitly state the format that it is of cache format.

  3. #3
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    5

    Default Re: Local Admin -> Domain Admin

    -format:mscash mydump.txt

    with either -i or my wordlist

Similar Threads

  1. need good resources to learn about group policy domain, admin
    By KingMidas in forum OLD General IT Discussion
    Replies: 1
    Last Post: 01-20-2010, 01:30 AM
  2. Hey Admin.....
    By Henry Microfarad in forum OLD Newbie Area
    Replies: 6
    Last Post: 07-28-2009, 01:33 AM
  3. Local Admin --> Domain Admin ??
    By imported_l1nuxant_ee in forum OLD Specialist Topics
    Replies: 14
    Last Post: 07-14-2009, 07:30 PM
  4. Social Engineering to gain VPN and domain admin
    By williamc in forum OLD Pentesting
    Replies: 19
    Last Post: 12-22-2008, 07:55 AM
  5. Server 2008 Domain Admin Password Recovery
    By Dudeman02379 in forum OLD General IT Discussion
    Replies: 19
    Last Post: 11-02-2008, 06:59 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •