As part of a challenge, I need to access a file which is owned by BUILTIN\Administrators on a DC. I mounted the C$ share from another workstation with the domain account I have; unfortunately, I receive access denied when I attempt to access the file.
    X:\Users\Administrator\FOLDER>dir /Q
    03/15/2018  06:46 AM    <DIR>          BUILTIN\Administrators .
    03/15/2018  06:46 AM    <DIR>          BUILTIN\Administrators ..
    04/15/2018  05:09 PM               126 BUILTIN\Administrators FILE
On the workstation I have access to via PS, I added my user to the local admin group of the DC:
    $group = [ADSI]("WinNT://<IP>/administrators,group")
    $group.add("WinNT://<DOMAIN>/<USER>,user")
Checking on rpcclient:
    rpcclient $> enumalsgroups builtin
    ...
    group:[Administrators] rid:[0x220]
    ...
    rpcclient $> queryaliasmem builtin 0x220
    sid:[S-1-5-21-779333104-4060554207-35427279-500]
    sid:[S-1-5-21-779333104-4060554207-35427279-519]
    sid:[S-1-5-21-779333104-4060554207-35427279-512]
    sid:[S-1-5-21-779333104-4060554207-35427279-2605]
    rpcclient $> lookupsids S-1-5-21-779333104-4060554207-35427279-2605
    S-1-5-21-779333104-4060554207-35427279-2605 <DOMAIN>\<USER> (1)
Also using smbclient:
    smbclient //<IP>/c$ -U <USER>
    Enter WORKGROUP\<USER>'s password:
    Try "help" to get a list of possible commands.
    smb: \> cd Users\Administrator\FOLDER\
    smb: \Users\Administrator\FOLDER\> get FILE
    NT_STATUS_ACCESS_DENIED opening remote file \Users\Administrator\FOLDER\FILE
I also created a local user, but nothing changes. icacls and cacls return “Access is denied.” Any suggestions?