Sunday, June 4, 2023

Thousand Ways To Backdoor A Windows Domain (Forest)

When the Kerberos elevation of privilege (CVE-2014-6324 / MS14-068) vulnerability has been made public, the remediation paragraph of the following blog post made some waves:
http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspx

"The only way a domain compromise can be remediated with a high level of certainty is a complete rebuild of the domain."

Personally, I agree with this, but .... But whether this is the real solution, I'm not sure. And the same applies to compromised computers. When it has been identified that malware was able to run on the computer (e.g. scheduled scan found the malware), there is no easy way to determine with 100% certainty that there is no rootkit on the computer. Thus rebuilding the computer might be a good thing to consider. For paranoids, use new hardware ;)

But rebuilding a single workstation and rebuilding a whole domain is not on the same complexity level. Rebuilding a domain can take weeks or months (or years, which will never happen, as the business will close before that).

There are countless documented methods to backdoor a computer, but I have never seen a post where someone collects all the methods to backdoor a domain. In the following, I will refer to domain admin, but in reality, I mean Domain Admins, Enterprise Admins, and Schema Admins.


Ways to backdoor a domain

So here you go, an incomplete list to backdoor a domain:

  • Create a new domain admin user. Easy to do, easy to detect, easy to remediate
  • Dump password hashes. The attacker can either crack those or just pass-the-hash. Since KB2871997, pass-the-hash might be trickier (https://technet.microsoft.com/library/security/2871997), but not impossible. Easy to do, hard to detect, hard to remediate - just think about service user passwords. And during remediation, consider all passwords compromised, even strong ones.
  • Logon scripts - modify the logon scripts and add something malicious in it. Almost anything detailed in this post can be added :D
  • Use an already available account, and add domain admin privileges to that. Reset its password. Mess with current group memberships - e.g. http://www.exploit-db.com/papers/17167/
  • Backdoor any workstation where domain admins login. While remediating workstations, don't forget to clean the roaming profile. The type of backdoor can use different forms: malware, local admin, password (hidden admin with 500 RID), sticky keys, etc.
  • Backdoor any domain controller server. For advanced attacks, see Skeleton keys 
  • Backdoor files on network shares which are commonly used by domain admins by adding malware to commonly used executables - Backdoor factory
  • Change ownership/permissions on AD partitions - if you have particular details on how to do this specifically, please comment
  • Create a new domain user. Hide admin privileges with SID history. Easy to do, hard to detect, easy to remediate - check Mimikatz experimental for addsid
  • Golden tickets - easy to do, hard to detect, medium remediation
  • Silver tickets - easy to do, hard to detect, medium/hard remediation
  • Backdoor workstations/servers via group policy
    • HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ RunOnce,
    • scheduled tasks (run task 2 years later),
    • sticky-keys with debug
  • Backdoor patch management tool, see slides here
[Update 2017.01.10]


Other tricks

The following list does not fit in the previous "instant admin" tips, but still, it can make the attackers life easier if their primary foothold has been disabled:

  • Backdoor recent backups - and when the backdoor is needed, destroy the files, so the files will be restored from the backdoored backup
  • Backdoor the Exchange server - get a copy of emails
  • Backdoor workstation/server golden image
  • Change permission of logon scripts to allow modification later
  • Place malicious symlinks to file shares, collect hashes via SMB auth tries on specified IP address, grab password hashes later
  • Backdoor remote admin management e.g. HP iLO - e.g. create new user or steal current password
  • Backdoor files e.g. on shares to use in SMB relay
  • Backdoor source code of in-house-developed software
  • Use any type of sniffed or reused passwords in new attacks, e.g. network admin, firewall admin, VPN admin, AV admin, etc.
  • Change the content of the proxy pac file (change browser configuration if necessary), including special exception(s) for a chosen domain(s)  to use proxy on malicious IP. Redirect the traffic, enforce authentication, grab password hashes, ???, profit.
  • Create high privileged users in applications running with high privileges, e.g. MSSQL, Tomcat, and own the machine, impersonate users, grab their credentials, etc. The typical pentest path made easy.
  • Remove patches from servers, change patch policy not to install those patches.
  • Steal Windows root/intermediate CA keys
  • Weaken AD security by changing group policy (e.g. re-enabling LM-hashes)
Update [2015-09-27]: I found this great presentation from Jakob Heidelberg. It mentions (at least) the following techniques, it is worth to check these:
  • Microsoft Local Administrator Password Solution
  • Enroll virtual smart card certificates for domain admins

Forensics

If you have been chosen to remediate a network where attackers gained domain admin privileges, well, you have a lot of things to look for :)

I can recommend two tools which can help you during your investigation:

Lessons learned

But guess what, not all of these problems are solved by rebuilding the AD. One has to rebuild all the computers from scratch as well. Which seems quite impossible. When someone is creating a new AD, it is impossible not to migrate some configuration/data/files from the old domain. And whenever this happens, there is a risk that the new AD will be backdoored as well.

Ok, we are doomed, but what can we do? I recommend proper log analysis, analyze trends, and detect strange patterns in your network. Better spend money on these, than on the domain rebuild. And when you find something, do a proper incident response. And good luck!

Ps: Thanks to Andrew, EQ, and Tileo for adding new ideas to this post.

Check out the host backdooring post as well! :)
Read more

The Live HTML Editor



The Live HTML Editor program lets you write your HTML pages while viewing dynamically what changes are happening to your HTML page. The main purpose of this tool is to help HTML learners learn HTML quickly and easily while keeping an eye on what they are doing with their HTML page. It also helps developers in writing quick HTML lines to see how it will affect their HTML page.

This program can also help you visualize your inline and embedded CSS styles on fly. You can apply CSS styles and see them dynamically change the look and feel of your HTML page. Developers can test different inline and embedded CSS styles to make sure what will look good on their website.

Some of the features of this program are:
  •          Live HTML preview of whatever HTML you type.
  •          Supports HTML Syntax Highlighting.
  •          Supports opening an HTML file and Live Preview editing of that file.
  •          Supports Saving files.
  •          Support for inline and embedded CSS.

However this program does not support Javascript and it also doesn't support separate CSS files. This program is still in development phase and we might see support for Javascript and separate CSS files in the future.

If you are a student and want to learn HTML without having to install a bulky software that takes a lot of time to open and function, then this is a good option.

The Live HTML Editor is Free and Opensource project and has been written in Python with QT interface you can check out source from sourceforge.

Related posts


  1. Hackrf Tools
  2. Hack Tools
  3. Tools For Hacker
  4. Hacking Tools For Windows 7
  5. Pentest Tools Free
  6. Pentest Automation Tools
  7. New Hack Tools
  8. Hacker Techniques Tools And Incident Handling
  9. Hack App
  10. Pentest Recon Tools
  11. Hacker Tools Software
  12. Wifi Hacker Tools For Windows
  13. Pentest Tools Open Source
  14. Pentest Reporting Tools
  15. Hack Tools Online
  16. Pentest Tools Url Fuzzer
  17. Github Hacking Tools
  18. Pentest Tools Online
  19. Pentest Tools Find Subdomains
  20. Hacking Tools For Mac
  21. Hacking Tools Download
  22. Computer Hacker
  23. Pentest Tools Windows
  24. How To Install Pentest Tools In Ubuntu
  25. Hacker Tools For Windows
  26. Hacker Tools Free Download
  27. Pentest Tools Nmap
  28. Hacking Apps
  29. Hacking Tools Pc
  30. Hacker Tools Software
  31. Hacker Tools For Pc
  32. Pentest Tools Linux
  33. What Is Hacking Tools
  34. Hacker Tools Windows
  35. Hacker Techniques Tools And Incident Handling
  36. Hacking App
  37. Hack Website Online Tool
  38. Pentest Tools Github
  39. How To Make Hacking Tools
  40. Hacking Tools Software
  41. Pentest Box Tools Download
  42. Tools Used For Hacking
  43. Tools Used For Hacking
  44. Hacking Tools Pc
  45. Usb Pentest Tools
  46. Physical Pentest Tools
  47. Underground Hacker Sites
  48. Hacking Tools For Kali Linux
  49. Hack Tool Apk No Root
  50. Pentest Reporting Tools
  51. Pentest Tools Nmap
  52. Hacker Tools Hardware
  53. Nsa Hacker Tools
  54. Hacker Tools Linux
  55. Hacker Tools For Windows
  56. How To Install Pentest Tools In Ubuntu
  57. Hacking Tools For Beginners
  58. New Hack Tools
  59. Hack And Tools
  60. Pentest Tools Linux
  61. New Hack Tools
  62. Best Hacking Tools 2020
  63. Pentest Tools Bluekeep
  64. Hack And Tools
  65. Pentest Box Tools Download
  66. Hacker Tools Free Download
  67. Hack Tools
  68. Usb Pentest Tools
  69. Pentest Tools Free
  70. Pentest Tools Nmap
  71. What Is Hacking Tools
  72. Hacking Tools For Kali Linux
  73. Pentest Tools Open Source
  74. Best Hacking Tools 2020
  75. Hacks And Tools
  76. Hack Website Online Tool
  77. Hacker Tools 2019
  78. Hack Tools
  79. Pentest Tools For Android
  80. Hacker
  81. Hack Tool Apk
  82. Pentest Tools Kali Linux
  83. Hack Tools 2019
  84. Hack Tools For Games
  85. Beginner Hacker Tools
  86. Nsa Hack Tools
  87. Hacking Tools Software
  88. Pentest Tools Linux
  89. Pentest Recon Tools
  90. Hacking Tools Name
  91. Pentest Tools Website Vulnerability
  92. Hacker Tools Apk
  93. Pentest Tools Framework
  94. Pentest Tools Open Source
  95. Best Hacking Tools 2020
  96. Hacker Tools
  97. Pentest Tools Nmap
  98. Nsa Hacker Tools
  99. Hack Tools Pc
  100. Hacking Tools Download
  101. Pentest Tools Download
  102. Hacking Apps
  103. World No 1 Hacker Software
  104. Hack Tool Apk No Root
  105. Pentest Tools Linux
  106. Kik Hack Tools
  107. Top Pentest Tools
  108. Easy Hack Tools
  109. Pentest Tools Kali Linux
  110. Hacking Tools Download
  111. How To Hack
  112. Pentest Tools
  113. Nsa Hacker Tools
  114. Pentest Tools Linux
  115. Hack Tools For Pc
  116. Hacker Tools Apk Download
  117. Pentest Tools Tcp Port Scanner
  118. Hack Tools Github
  119. Hack Tools For Ubuntu
  120. Hacker Tools Windows
  121. Hacker Tools Free
  122. Hacker Tools
  123. Nsa Hacker Tools
  124. Pentest Tools Website Vulnerability
  125. Free Pentest Tools For Windows
  126. Hacking Tools Software
  127. Pentest Tools Kali Linux
  128. Hacker Tools Free Download
  129. Nsa Hacker Tools
  130. Hacker Search Tools
  131. Physical Pentest Tools
  132. Hackrf Tools
  133. Free Pentest Tools For Windows
  134. Hacking Tools Pc
  135. Hacker Tools Online
  136. Hacking App
  137. Hacking Tools
  138. Hacker Tools Linux
  139. Hack Rom Tools
  140. Hacking Tools Mac
  141. Game Hacking
  142. Tools Used For Hacking
  143. Hacking Tools For Windows
  144. Blackhat Hacker Tools
  145. Pentest Tools Free
  146. Github Hacking Tools
  147. Hacking Tools Name
  148. Hacking Tools Windows 10
  149. Hacking Tools Github
  150. Nsa Hack Tools Download
  151. Pentest Box Tools Download
  152. Hack And Tools
  153. Hack Tools Download
  154. Pentest Tools Url Fuzzer
  155. Pentest Tools For Windows
  156. Hacking Tools Name
  157. Ethical Hacker Tools
  158. Hacking Tools For Windows 7
  159. Pentest Tools Website
  160. Hack Website Online Tool
  161. Hacking Tools 2019
  162. Hacker Tools Hardware
  163. Free Pentest Tools For Windows
  164. Pentest Tools Linux
  165. Hacking Tools 2020
  166. Hacking Tools Kit
  167. Hacker Tools Apk
  168. Hacking Tools For Pc
  169. What Is Hacking Tools
  170. Pentest Tools For Android
  171. Pentest Tools List
  172. Pentest Tools Download
  173. Hack Tools For Games
  174. Pentest Box Tools Download

Top 10 Best Google Gravity Tricks 2018

Best Google Gravity Tricks 2018

Top 10 Best Google Gravity Tricks 2018

Google is the search engine where the people look up for the things. Yet apart from being only a search engine this website is highly functional and has a lot of functions dubbed inside it. And even the webmasters don't know about all the features as they are so vast that you need to explore lots of things to get to know about them all.  There are a number of gravity opposing tricks in the Google search page that you would like to enjoy. Well many of you guys must be new to this word as only 15% of Google users know this thing and for rest, I'm here to guide you up in this. Here in this article, we have written about the best google gravity tricks that you could ever find in this year. If you are interested to know about it then please read the main section of this post as it is given below. This was all the introduction part of this post and now after this line, we are going to skip to the main section. We recommend you to read till the end to get the fullest information from this page!

Top 10 Best Google Gravity Tricks 2018

Below I have mentioned some of the best tricks that I tried as I was getting bored and thought about exploring something new and then I searched Google Tricks on google and then I get to know that even these things are also possible on the Google. You can use so many different things to kill your boredom on Google. There I decided to note down these tricks and share the article with you so that you can also avail these. So follow the below guide to proceed.

#1 Google zero gravity level fall

Best Google Gravity Tricks 2018
Best Google Gravity Tricks 2018
This is the first trick that amazed me as when I get to know this thing can happen when I was really surprised as it was quite funny. It is a standout amongst the most astonishing google gravity trap. In this trap, the substance will appear like tumbling to a level surface. Every one of the substances like pictures, writings, and so on of your page will be upset. They will look somewhat bouncy and turned around that looks exceptionally energizing and stunning.

#2 Google Sphere

Best Google Gravity Tricks That You Need To Try
Best Google Gravity Tricks That You Need To Try
This is second best google gravity trap. In this trap, the substance rotates in a round way. Be that as it may, you will think that its little hard to deal with it since you need to chip away at turning writings.

#3 Google Loco

Best Google Gravity Tricks That You Need To Try
Best Google Gravity Tricks That You Need To Try
This google gravity trap is much like the google zero gravity. You will see the substance as falling in a seismic tremor,

#4 Zerg Rush

Best Google Gravity Tricks That You Need To Try
Best Google Gravity Tricks That You Need To Try
This is one of my most loved google gravity trap. In this deceive you will see somewhere in the range of zeros spreading in your page. to utilize this trap Open Google.com and hunt Zerg Rush through utilizing the search bar.

#5 Google submerged

Best Google Gravity Tricks 2018
Best Google Gravity Tricks 2018
This is of the most attractive google gravity trap. In this deceive you will see a domain of submerged. You will see the pursuit bar coasting in the water.

#6 Do a barrel roll

Best Google Gravity Tricks That You Need To Try
Best Google Gravity Tricks That You Need To Try
This is likewise an astounding google gravity trap. In this deceive, you will get an impact to your page with which, your page will turn in a solitary minute.

#7 Google Guitar

Best Google Gravity Tricks That You Need To Try
Best Google Gravity Tricks That You Need To Try
This is additionally a stunning google gravity trap. In this deceive, you can play guitar on the web index. You can play your coveted tunes with it. Google will give you notes to your tunes.

#8 Google zero gravity reversal

Best Google Gravity Tricks 2018
Best Google Gravity Tricks 2018
This is one of the coolest Google gravity trap. In this deceive, you will get a perfect representation of your site page. You will feel like you are on the opposite side of the screen.

#9 Google space

Best Google Gravity Tricks That You Need To Try
Best Google Gravity Tricks That You Need To Try
In this google gravity deceive you encounter a dream of the room. It implies that the substance of your page will appear like gliding noticeable all around with no gravitational power.

#10 Pacman

Best Google Gravity Tricks That You Need To Try
Best Google Gravity Tricks 2018 That You Need To Try
This is the standout amongst the most energizing google gravity trap. With this deceive, you can play Pacman game in this.
Finally, after reading this article, you have got to know about. We have tried to provide you this content in the simple and easy to read wordings and hope that you would have easily got about everything written up here. We believe that you might like this article and if it is what you think then please try to share it with others too. Your indulgence in our post is really valuable to us, so do not miss to write about your opinions and suggestions regarding this article through using the comments section below. At last but never the least thanks for reading this article!

Continue reading


  1. Hacking Tools For Windows 7
  2. Hacker Tools For Windows
  3. Hacking Tools Kit
  4. Hackrf Tools
  5. Hacker
  6. Hacking Tools For Games
  7. How To Hack
  8. Hack Tools Pc
  9. Pentest Tools Alternative
  10. Pentest Tools Framework
  11. Hack Tools 2019
  12. Pentest Tools Url Fuzzer
  13. World No 1 Hacker Software
  14. Hacker Tools List
  15. Easy Hack Tools
  16. Hacker Tools For Ios
  17. Hacking Tools For Windows
  18. Hacker Tools Windows
  19. Install Pentest Tools Ubuntu
  20. Hacker Hardware Tools
  21. Pentest Tools For Ubuntu
  22. Hacking Tools For Kali Linux
  23. Hack Tools For Ubuntu
  24. Hacking Tools Download
  25. Hacking Tools For Windows Free Download
  26. Hacking Tools For Windows 7
  27. Hack And Tools
  28. Hacker Tools Free
  29. Pentest Reporting Tools
  30. Hacker Tools Linux
  31. Blackhat Hacker Tools
  32. Pentest Tools Alternative
  33. Hacker Tools Mac
  34. Pentest Recon Tools
  35. Hacker Security Tools
  36. Best Hacking Tools 2019
  37. Pentest Tools Free
  38. Hacking Tools 2020
  39. Hacker
  40. Hacking Tools For Mac
  41. Hack App
  42. Hack Tool Apk No Root
  43. Underground Hacker Sites
  44. Hacking Tools For Beginners
  45. Hacking Tools For Games
  46. How To Hack
  47. Hacker Tools Online
  48. Pentest Recon Tools
  49. Hacker Tools Online
  50. Hack Tools For Mac
  51. Physical Pentest Tools
  52. Hack Tools For Games
  53. Hacking Tools Free Download
  54. Pentest Tools List
  55. Hacking Tools 2020
  56. Computer Hacker
  57. How To Install Pentest Tools In Ubuntu
  58. New Hacker Tools
  59. Android Hack Tools Github
  60. Hacker Tools Hardware
  61. Best Pentesting Tools 2018
  62. Hacking Tools For Beginners
  63. Pentest Tools
  64. Pentest Tools Subdomain
  65. Pentest Reporting Tools
  66. Ethical Hacker Tools
  67. Hacking Tools Name
  68. Best Pentesting Tools 2018
  69. Hack Rom Tools
  70. Hack Tools For Ubuntu
  71. Hacking Tools For Kali Linux
  72. What Are Hacking Tools
  73. Pentest Tools Url Fuzzer
  74. How To Hack
  75. Ethical Hacker Tools
  76. Hacker
  77. Hacking Tools For Games
  78. Physical Pentest Tools
  79. Hacking Tools For Games
  80. Pentest Tools Online
  81. Beginner Hacker Tools
  82. Pentest Tools
  83. Hacking Tools And Software
  84. Hack Tools For Windows
  85. Hacker Tools Mac
  86. Hacking Apps
  87. Hacking Tools Usb
  88. Hacking Tools Name
  89. Pentest Tools For Mac
  90. Hacking Tools Online
  91. Hack Tools For Ubuntu
  92. Hacker Tools Free
  93. What Are Hacking Tools
  94. Pentest Tools Apk
  95. Pentest Tools Review
  96. Pentest Tools Windows
  97. Hacker Tools Online
  98. Best Pentesting Tools 2018
  99. Easy Hack Tools
  100. Hacking Tools Windows 10
  101. Hacker Tools Mac
  102. Pentest Tools Website
  103. Pentest Tools Open Source
  104. Hack Website Online Tool
  105. Underground Hacker Sites
  106. Hack Rom Tools
  107. Hacking Tools Download
  108. Hackers Toolbox
  109. Hak5 Tools
  110. Hack Rom Tools
  111. Pentest Tools For Android
  112. Hacking Tools Windows 10
  113. Hacker Tools Hardware
  114. Pentest Tools Subdomain
  115. How To Install Pentest Tools In Ubuntu
  116. Hacker Tools Github
  117. Pentest Tools Alternative
  118. Hacking Tools Windows 10
  119. Hacking Tools Windows 10
  120. Underground Hacker Sites
  121. Beginner Hacker Tools
  122. Hacking Tools Windows
  123. Pentest Tools Find Subdomains
  124. Pentest Tools Alternative
  125. Hack Tools Mac
  126. Pentest Tools List
  127. Pentest Tools Framework
  128. Hackers Toolbox
  129. Hacker Tools Free
  130. Beginner Hacker Tools
  131. Physical Pentest Tools
  132. Hack Tools For Games
  133. Hacking Tools Pc
  134. Hacker Tool Kit
  135. Game Hacking
  136. Underground Hacker Sites
  137. Hack Apps