CAPEC-561
Description
An adversary guesses or obtains (i.e. steals or purchases) legitimate Windows administrator credentials (e.g. userID/password) to access Windows Admin Shares on a local machine or within a Windows domain.
Prerequisites
The system/application is connected to the Windows domain.
The target administrative share allows remote use of local admin credentials to log into domain systems.
The adversary possesses a list of known Windows administrator credentials that exist on the target domain.
Mitigations
Do not reuse local administrator account credentials across systems.
Deny remote use of local admin credentials to log into domain systems.
Do not allow accounts to be a local administrator on more than one system.
Skills Required
[Low] Once an adversary obtains a known Windows credential, leveraging it is trivial.