Intranet Penetration (77) ACL Abuse of Domain Authority Maintenance (Part 2)

Enterprise 2023-06-04 21:08:25 views: null

ACL abuse (medium)

3. msDS-AllowedToActOnBehalfOfOtherldentity attribute permission

As shown in the figure is Microsoft's description of the msDS-AllowedToActOnBehalfOfOtherldentity attribute

insert image description here

jack is a normal user in the domain. Now that we have obtained the authority of the domain administrator and want to maintain the authority, we can perform the following operations: Use the powerview.ps1 script under Empire to execute the following command to manually add the domain control to user jack and modify msDS-AllowedToActOnBehalfOfOtherldentity (3f78c3e5-f79a -46bd-a0b8-9d18116ddc79) attribute permissions, as shown in the figure:

Import-Module .\powerview.ps1
#添加用户jack 对域控的msDS-AllowedToActOnBehalfOfOtherldentity属性修改权限
Add-DomainObjectAcl -TargetIdentity

Guess you like

Origin blog.csdn.net/qq_64973687/article/details/130738048

Intranet Penetration (77) ACL Abuse of Domain Authority Maintenance (Part 2)

Intranet penetration (72) domain authority maintenance fake domain controller

Intranet penetration (seventy) domain authority maintenance reset DSRM password

Intranet penetration (63) abuse of DCSync

A failed domain penetration in the intranet

Delegation of Domain Authority Maintenance for Intranet Penetration (67)

Penetration Testing Intranet Penetration (2): Intranet Penetration

The network penetration - penetration in the common domain domain authority to maintain control method

Basic knowledge of intranet domain penetration

Intranet penetration—domain control and domain environment construction

Intranet penetration (seventy) domain authority maintenance reset DSRM password

Intranet attack domain penetration study (notes)

FRP intranet penetration construction (no domain name)

Intranet: bloodhound domain penetration analysis tool

Intranet security: Intranet penetration. (Obtain the highest authority of the intranet host vulntarget shooting range A)

Remember a simple domain penetration (part 1)

frp intranet penetration remote access, operation and maintenance technology

After penetration - domain authority to maintain the use of gold and silver bills bills get permission domain controller

Penetration of Intranet

Intranet penetration series: dns2tcp of intranet tunnel

Penetration of the network - to maintain authority

Intranet penetration of the red team shooting range (penetration from the DMZ host to the domain machine)

Explore remote access to Intranet Synology NAS 6.X (using an independent domain name) [Intranet Penetration]

Open network domain authority

Domain penetration penetration of the network

Recommended

Ranking

A quick primer on numpy basics

Two sister tease python project

Java | Multiple keywords in the replacement content are returned to the front end in red style

C ++: references

The string leetcood 1018 is a binary prefix divisible by 5

Flutter 布局组件

Java combat spingboot-redis

PMP pre-exam sprint and wrong questions sorting

ActiveMq C# Message Features: Delayed and Timed Message Delivery

DSP28377S_ copy a program from the RAM to FLASH portion DETAILS

Daily

2024-05-16(23)

2024-05-15(5)

2024-05-14(9)

2024-05-13(8)

2024-05-12(28)

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)