InfoSec LAB

Flight_User_Privileges_svc_apache

Created: 2 min read

svc_apache

Checking for user privileges of the svc_apache account after conducting basic enumeration

ps c:\tmp> whoami /all
 
USER INFORMATION
----------------
 
User Name         SID                                           
================= ==============================================
flight\svc_apache S-1-5-21-4078382237-1492182817-2568127209-1612
 
 
GROUP INFORMATION
-----------------
 
Group Name                                 Type             SID          Attributes                                        
========================================== ================ ============ ==================================================
Everyone                                   Well-known group S-1-1-0      Mandatory group, Enabled by default, Enabled group
BUILTIN\Users                              Alias            S-1-5-32-545 Mandatory group, Enabled by default, Enabled group
BUILTIN\Pre-Windows 2000 Compatible Access Alias            S-1-5-32-554 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\SERVICE                       Well-known group S-1-5-6      Mandatory group, Enabled by default, Enabled group
CONSOLE LOGON                              Well-known group S-1-2-1      Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users           Well-known group S-1-5-11     Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization             Well-known group S-1-5-15     Mandatory group, Enabled by default, Enabled group
LOCAL                                      Well-known group S-1-2-0      Mandatory group, Enabled by default, Enabled group
Authentication authority asserted identity Well-known group S-1-18-1     Mandatory group, Enabled by default, Enabled group
Mandatory Label\High Mandatory Level       Label            S-1-16-12288                                                   
 
 
PRIVILEGES INFORMATION
----------------------
 
Privilege Name                Description                    State   
============================= ============================== ========
SeChangeNotifyPrivilege       Bypass traverse checking       Enabled 
SeCreateGlobalPrivilege       Create global objects          Enabled 
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
 
 
USER CLAIMS INFORMATION
-----------------------
 
User claims unknown.
 
Kerberos support for Dynamic Access Control on this device has been disabled.

Interestingly, the svc_apache account doesn’t have privileges that I expected to see in a service account. The service account might have been harden

Interactive Graph View

Backlinks