Comments on CosmosKey: Online sIDHistory edit / SID injection
Blog author: Johan Akerstrom
Feed updated: 2023-07-01T08:58:09.670+01:00

Milosh (2017-02-06T19:49:36.781+00:00):
I know this is old, but couldn't you also overwrite the SID directly, bypassing SID filtering entirely?

Anonymous (2014-12-17T10:53:20.769+00:00):
Using mimikatz you can now do this without having to join a Samba server to the domain or needing Domain Admin privileges. Check out mimikatz misc:addsid

Akmil Matloob (2013-05-14T16:30:21.476+01:00):
Hi Johan

It's me, Akmil.
I need to add a SID history to a user (single user). Any other way of putting it in - it's a protected field in ADSI Edit.

Johan Akerstrom (2012-05-08T00:43:07.368+01:00):
cjwdev,

It's not as bad as you seem to think. The Linux box is still added to a child domain as a DC. This needs domain admin privileges. So you only escalate domain admins to enterprise admins, which has been known for ages. Just haven't seen the "attack" done online or with Samba 4 before. :)

Anonymous (2011-01-09T17:03:43.303+00:00):
That surprises me, but I don't know enough about Linux/AD integration to understand why this is possible. I would have thought AD must validate the data that comes from the Linux server sync and impose the same security rules for attribute editing that it does when you edit attributes from a Windows OS, otherwise what is stopping you just using this method to join any standard user to the domain admins group (by setting the primary group ID of that account to the domain admins RID, for example). Anyway, interesting article :) thanks

Johan Akerstrom (2010-09-07T13:21:13.022+01:00):
Thanks Rickard, I try my best :)

Rickard (2010-08-20T08:21:17.867+01:00):
Really nice work! Good tutorial!