If not, winter 2016 or whatever the year is and the date is at that time. Here's a list of every single user in our network,' which might be significant.Īt that point, I say, 'Hey, does anybody have a password of the name of the company Bain?' Most often they do. If you're on the network and null sessions are enabled, you can query a domain controller and say, 'Hey, give me a list of all the users.' The domain controller will say, 'Here, buddy. There's a lot of things that happened that allowed me to get local administrator.
Essentially what happens is though, if I can get local administrator on one box, then the probability of me exploiting the entire network is extremely high. So, there's a lot of ways this can play out. This is the taxing error that is happening on your network whenever your domain administrator is compromised, whenever you have a pen test, or heaven forbid your network is compromised by some unnamed threat actor.
