On Mon, Apr 8, 2013 at 4:17 PM, Ben Scott <[email protected]> wrote:
> On Mon, Apr 8, 2013 at 7:06 PM, Kurt Buff <[email protected]> wrote:
>> Amusing? Alarming? Both?
>> http://labofapenetrationtester.blogspot.in/2013/04/poshing-the-hashes.html
>
>   Neither?
>
>   It seems to boil down to, if you steal credentials, you gain access
> to what those credentials protect.  This should not be a surprise.
> :-)

Not exactly neither - the use of WCE is the key, methinks.

WCE allows theft of credentials from others' accounts that are stored
in RAM, with the possible upgrade of credentials that this would
imply, if higher-security accounts such as DAs

Agree with MBS that other tools could stand in for PowerShell, but WCE
was actually new to me.

Granted, you must be local admin to use WCE, but if you're local admin
on a server or workstation, and a DA account logs in and leaves
credentials in memory, well, your task is accomplished.



Kurt
