Reply to post: Local admin password

Doing business with Asia? Then worry more about security

Anonymous Coward
Anonymous Coward

Local admin password

"In addition, organisations typically did not vary the local administrator account password across systems in the environment."

When I did pentesting, this was true of many organisations, not just in asia. This is still true today.

It was usually for the helpdesk, having a local admin password the same across all machines meant it was easy to intervene, but what they created as effectively a domain admin account with hashes always stored locally... so the first machine you got a shell on, you just did a hashdump and then started moving laterally across the network with the metasploit psexec module (pass the hash) onto any machine.

LAPS (Local Administrator Password Solution) is what helps. It won't stop an attacker entirely, but will make it much more difficult for him to use creds on the 1st machine he pwns to own the entire domain.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon