The procedure is the same for any other Windows Server version 2008, 2012, 2016 hosts.ġ. Be sure that distro name does not have spaces in the filename! Steps how to create image are same.įor this you will need an actual Windows Server 2012 installation ISO. The other Windows Server versions are supported. S2008R2_圆4fre_server_eval_en-us-GRMSXEVAL_EN_DVD.iso How to create own custom MS Windows Server for EVE: HERE you will find a great guide for the LAPS implementation Did you like this article? See how much YOU really know about cybersecurity! Test yourself. We didn’t talk about auditing, which is a subject for the next video, are you interested? This tutorial shows the technical steps, how we are able to make sure that the LAPS will be working and the rest of the little but very important details that you are able to set up after the implementation. You have just learned how to implement LAPS. That proves the point that the password was actually changed. So one more time we need to run gpupdate /force and let’s verify how it works from the hash perspective, is it changed? Let me remind you which hash we used for the Pass the Hash attack: for the local administrator it started with the E19 so right now we can check with the CQHashDumpV2 /samdump if it was changed, now we’ve got the 9C 53 C7, etc. On the Windows client, we are able to check if the password was changed. We are also able to set a certain expiration time including a moment in the past to force the password reset. So in the LAPS UI we are able to specify the computer name and observe what the password is and at what time it expires. Of course, there is also LAPS client I mentioned briefly. The password was generated and that’s the one that we will be using for this machine. While the policy is being updated we can check if the password for the local administrator was generated so we can go to the Active Directory Users and Computers and in the Attribute Editor for our managed computer we can observe the new password. Let’s switch to the client and run gpupdate /force. We’ve got these two policies configured in the GPO and then we are ready to update the policy on the client level. We have also to enable LAPS under “Enable local admin password management”. >LINK to the PsExec tool>LINK to the LAPS Policies -> Administrative Templates -> LAPS we can see Password settings allowing us to configure the complexity, length of the password, and change period. In order to hop in between the workstations and servers, we can use PsExec tool: We should be ready for now and in order to jump further. Well for real, we are actually the local administrator, we’ve got a token of the local administrator but a whoami utility will not show us this. The result looks quite funny because if we run whoami in this new console that we have just opened, here we can see that we are Freddy Krueger. >LINK to the Mimikatz>LINK to the PsExec tool>LINK to the Mimikatz to specify the hash that we know. It is important to understand the problem first so that we get the solution later. Then I will show you how to configure it with PowerShell, how to configure the group policy, and effectively how it works, including grabbing the hashes.īefore we learn how to implement LAPS, I would like to show you where the problem is by performing the Pass the Hash attack with our customized version of Mimikatz (an amazing tool written originally by Benjamin Delpy). First, we are going to install it onto the domain controller and on the endpoints. In this video tutorial, you will learn how to implement a Local Admin Password Solution (or Local Password Management) called LAPS.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |