Correct me if I'm wrong, but here is what I think of that: a Domain user that is a Local admin of his workstation is different from a Domain user which is a Domain Admin.

Then, a local admin whose account is an AD account can run scripts *on his local machine* in the name of the domain admin. This includes the possibility of dumping the Domain Admin password hash and even *all the domain accounts' password hashes* (i.e. psexec + pwdump against the DC, with the privileges of the domain admin).

An exploitation scenario could be the following for an unprivileged domain user:

- Become local admin of his workstation (bunch of methods out there)
- Run a script as the Domain Admin with this technique
- Recover Domain Admin or Domain Users password hashes
- Crack the passwords and become Domain Admin (i.e. Administrator of all workstations and servers in the domain)

My two cents!

J-

On 10/12/2010 15:37, Jeffrey Walton wrote:
> On Thu, Dec 9, 2010 at 10:07 PM, Thor (Hammer of God)
> <[email protected]> wrote:
>> What do you mean by "regular local administrator"? You're a local admin,
>> or you're not.
> I believe the OP's intent was to differentiate between Local
> Administrators and Domain (or Enterprise) Administrators. Corrections
> from StenoPlasma are welcomed.
>
>> There are not degrees of local admin.
> But there are different accounts, both domain and local, which have
> administrator rights and privileges on the local machine.
>
> [SNIP]
>
> Jeff
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
