Consolidation of Power
Cracking the SAM: from local admin to domain admin, other users. See look for SAM, Disable LanMan authentication. Apply service packs!
- Countermeasures: choosing strong passwords -- no dictionary words, seven digits (if LanMan not disabled), alpha, special characters, facts, names from youth,etc. Win 2K, XP use Use SYSKEY SAM encryption, but Pwdump6 circumvents SYSKEY and dump hashes from SAM and Active Directory.
Duplicate credentials: locally stored domain user credentials (same user domain account), local Administrator with same password as in the Domain.
LSA Secrets: includes plain text service account passwords, cached passwords(last 10), FTP and web user plain text passwords, etc. A hack: Cain or available info by Design? DSScan detects LSA vulnerabilities.
Assumes that administrator-level access has been obtained.