
Gaining Admin Privileges On Network


Neill Young


Not being sarcastic, but start with Google or use the search feature on the forums.


1. I AM VERY SORRY, I was posting from my phone and messed up posting 3 times. If an admin can remove the other two posts I would be grateful.

Domain Network Privilege Escalation : a high level overview

compromise a system on the network

keylog that system and wait for a user with admin permissions to use it

or

compromise a server and do the same thing

or

compromise the domain controller and add an admin acc or change the pass on an old dormant account and give that account domain privileges.

Remember this: Humans are creatures of habit and laziness. It is likely that one user even with multiple accounts for multiple things will use the same password or a simple variation. The same goes for someone's regular and privileged accounts.

This is not an all inclusive list just some of the basics. Using these ideas it should be easier for you to look up guides/information.

This was written for a domain due to the fact that there is no single admin account on standard home-style workgroup/homegroup networks. There may be an account with the same name and password on several computers but they are still different accounts due to all accounts being local.

On local networks if you can control one box you can do quite a few things such as ARP cache poisoning and reading people's packets. With a foothold in one computer you can nmap the rest of the network to see what is available for attack. It isn't admin on the network but it is the best position to start at in simple networks.

REMEMBER: if it isn't your network and you don't have permission, even privilege escalation can get you in a ton of trouble. I provide information only for learning in theoretical/legal tests/situations.

Edited by combatwombat27
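
From the defender's side, the domain controller path in the overview above (a new admin account, or a dormant account getting a password reset and then domain privileges) leaves a recognizable sequence in the Security log. The following is an added example, not part of the original posts: it assumes events have already been normalized into dicts with hypothetical `id`, `time`, `target` and `group` fields, that last-logon times come from a directory inventory, and that the privileged-group watch list and all sample data are constructed.

```python
from datetime import datetime, timedelta

# Windows Security event IDs: 4720 = user account created,
# 4724 = password reset attempt, 4728/4732/4756 = member added to a
# security-enabled global/local/universal group.
GROUP_ADD = {4728, 4732, 4756}
PRIVILEGED = {"Domain Admins", "Enterprise Admins", "Administrators"}  # assumed watch list

def find_suspicious_grants(events, last_logon, dormant_days=90, window_hours=24):
    """Return (account, reason, time) for privileged-group adds that closely
    follow account creation or a password reset on a dormant account."""
    window = timedelta(hours=window_hours)
    primed = {}  # account -> (reason, time of the priming event)
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        acct, eid, when = ev["target"], ev["id"], ev["time"]
        if eid == 4720:
            primed[acct] = ("new account", when)
        elif eid == 4724:
            seen = last_logon.get(acct)  # None means no recorded logon at all
            if seen is None or when - seen >= timedelta(days=dormant_days):
                primed[acct] = ("dormant account password reset", when)
        elif eid in GROUP_ADD and ev.get("group") in PRIVILEGED:
            if acct in primed and when - primed[acct][1] <= window:
                findings.append((acct, primed[acct][0], when))
    return findings

# Constructed sample data (not taken from any real log)
T = datetime(2024, 1, 10, 2, 0)
LAST_LOGON = {"svc_backup_old": datetime(2023, 3, 1), "jsmith": datetime(2024, 1, 9)}
EVENTS = [
    {"id": 4724, "time": T, "target": "svc_backup_old"},
    {"id": 4728, "time": T + timedelta(minutes=5), "target": "svc_backup_old", "group": "Domain Admins"},
    {"id": 4724, "time": T, "target": "jsmith"},  # reset on an active account
    {"id": 4728, "time": T + timedelta(hours=1), "target": "jsmith", "group": "Domain Admins"},
    {"id": 4720, "time": T + timedelta(hours=2), "target": "helpdesk2"},
    {"id": 4732, "time": T + timedelta(hours=2, minutes=1), "target": "helpdesk2", "group": "Administrators"},
    {"id": 4720, "time": T, "target": "intern1"},
    {"id": 4728, "time": T + timedelta(hours=3), "target": "intern1", "group": "Sales"},  # not privileged
]

if __name__ == "__main__":
    for acct, reason, when in find_suspicious_grants(EVENTS, LAST_LOGON):
        print(f"{when:%Y-%m-%d %H:%M} {acct}: {reason}, then privileged group add")
```
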

Metasploit is definitely one way to gain admin privileges.

The other way would be creating a local user account using a Live CD.

You could do a MITM attack on the network and sniff for passwords.

This one would be extremely illegal and I DO NOT recommend it: install a keylogger on the target PC.


So there's no way to brute force the router for the info?

Routers contain info for the router, not the workstation/server admin logins. Maybe we misunderstood what you are after, but a router password does not give you access to the workstations themselves unless the admin used the same password in both places. You would need to leverage access on the network to attack the workstations/servers on the network themselves, and so long as you can access the same network, you don't even need the router password to do this.


I want to be able to access the options on a router (I.E. DNS server, MAC address blocking, SSID,...) the whole 192.168.1.1 thing

Then you need to be part of the same network first (unless the admin page is accessible to the internet, which it shouldn't but might be by default), and access the admin page for the router, by either brute force or some other flaw.


I want to be able to access the options on a router (I.E. DNS server, MAC address blocking, SSID,...) the whole 192.168.1.1 thing

As another member has said, in order to do that you will need to be on the network. First step is coming up with the network password; there are a million guides all over the internet dedicated to this. Once you have the password, join the network and then you will need to open up the router's web page, usually something like 192.168.0.1, 192.168.1.1 and so on depending on the local IP you are assigned. Then you can **sometimes** get in using the default router logins, which can also be found with a simple Google search. However, this only applies if the administrator of the network has not changed it. If they have, then your best bet is using other tools while on the network to try and gather possible passwords, because once again humans are creatures of habit so the passwords are usually the same for everything.

Keep in mind if you do not have permission to access the network all of this is against the law and obviously frowned upon.


I want to be able to access the options on a router (I.E. DNS server, MAC address blocking, SSID,...) the whole 192.168.1.1 thing

Go to CMD, type ipconfig and look for the default gateway IP address, assuming your computer is on the same subnet as the router, then type the IP address of the gateway inside a web browser and press enter. Your browser should prompt you for a username and password. If it doesn't, then the administrator must have disabled remote administration or it can only be accessed locally via a serial cable physically connected to a computer.

If it does prompt you, you will need to figure out what the administrator username/password are. You could try brute forcing it, plenty of tools on the internet. I'd do a Google search for "HTTP brute forcers".
