The best way to do it is connecting to the IPC$ via anonymous or connect to the
active directory via ldap.
Some time the restrictanonymous will block you and sometimes it wouldn't depend
on the system Harding.
you can do it manually or use a automate tools like enum,nbt enum,ldap enum
etc..
Now some of the tools give you the ability to check for groups
Example:
enum -G
And some of the tools will get the sid and from there you can find out who is
administrator
http://www.windowsecurity.com/articles/Protecting-Administrator-Account.html
Hope it helps
Roni Bachar
Avnet Penetration team manager
www.avnet.co.il
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Shankar Arjunan
Sent: Friday, July 18, 2008 8:23 AM
To: pen-test@securityfocus.com
Subject: How to get the list of domain admins
Hi all,
Can anyone tell me how to get list of users who are having domain admin
rights in a domain. I vaguely remember using it through command line
utility net use or net localgroup ..
Thanks in advance
Shankar
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
