dallon.matrix


Checking user privileges after moving laterally to the dallon.matrix user:

PS C:\> whoami /all
 
USER INFORMATION
----------------
 
User Name           SID                                          
=================== =============================================
axlle\dallon.matrix S-1-5-21-1005535646-190407494-3473065389-1125
 
 
GROUP INFORMATION
-----------------
 
Group Name                                 Type             SID                                           Attributes                                        
========================================== ================ ============================================= ==================================================
Everyone                                   Well-known group S-1-1-0                                       Mandatory group, Enabled by default, Enabled group
BUILTIN\Users                              Alias            S-1-5-32-545                                  Mandatory group, Enabled by default, Enabled group
BUILTIN\Performance Log Users              Alias            S-1-5-32-559                                  Mandatory group, Enabled by default, Enabled group
BUILTIN\Pre-Windows 2000 Compatible Access Alias            S-1-5-32-554                                  Group used for deny only                          
NT AUTHORITY\INTERACTIVE                   Well-known group S-1-5-4                                       Mandatory group, Enabled by default, Enabled group
CONSOLE LOGON                              Well-known group S-1-2-1                                       Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users           Well-known group S-1-5-11                                      Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization             Well-known group S-1-5-15                                      Mandatory group, Enabled by default, Enabled group
LOCAL                                      Well-known group S-1-2-0                                       Mandatory group, Enabled by default, Enabled group
AXLLE\Web Devs                             Group            S-1-5-21-1005535646-190407494-3473065389-1127 Mandatory group, Enabled by default, Enabled group
AXLLE\Employees                            Group            S-1-5-21-1005535646-190407494-3473065389-1103 Mandatory group, Enabled by default, Enabled group
Authentication authority asserted identity Well-known group S-1-18-1                                      Mandatory group, Enabled by default, Enabled group
Mandatory Label\Medium Mandatory Level     Label            S-1-16-8192                                                                                     
 
 
PRIVILEGES INFORMATION
----------------------
 
Privilege Name                Description                    State   
============================= ============================== ========
SeMachineAccountPrivilege     Add workstations to domain     Disabled
SeChangeNotifyPrivilege       Bypass traverse checking       Enabled 
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
 
 
USER CLAIMS INFORMATION
-----------------------
 
User claims unknown.
 
Kerberos support for Dynamic Access Control on this device has been disabled.

The dallon.matrix user is a member of both the AXLLE\Web Devs and AXLLE\Employees groups. The user also has SeMachineAccountPrivilege (Add workstations to domain), which is listed as Disabled in this token.