How to Grant Rights to be able to Manage Computer Accounts using the Provisioning Services Console

This article describes how to delegate rights to the user or group to allow adding workstations to an Active Directory ADdomain using the Provisioning Server console. Background While it is possible to assign AD users or groups to Built-In groups within AD to enable this functionality such as...

msLDAPDump - LDAP Enumeration Tool

msLDAPDump simplifies LDAP enumeration in a domain environment by wrapping the lpap3 library from Python in an easy-to-use interface. Like most of my tools, this one works best on Windows. If using Unix, the tool will not resolve hostnames that are not accessible via eth0 currently. Binding...

Microsoft Active Directory Domain Services Privilege Escalation Vulnerability

An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalation to SYSTEM...

Domain Escalation – sAMAccountName Spoofing

Computer accounts have the $ sign appended at the end of their names in contrast with standard user accounts. By default Microsoft operating systems lack… Continue reading - Domain Escalation - sAMAccountName Spoofing...

Rbcd-Attack - Kerberos Resource-Based Constrained Delegation Attack From Outside Using Impacket

Abusing Kerberos Resource-Based Constrained Delegation TL;DR This repo is about a practical attack against Kerberos Resource-Based Constrained Delegation in a Windows Active Directory Domain. The difference from other common implementations is that we are launching the attack from outside of the...

Microsoft Windows Server Active Directory Denial of Service Vulnerability

Microsoft Windows Server is a series of server operating systems released by Microsoft Corporation in the U.S. Active Directory is one of the Active Directory components. A denial of service vulnerability exists in Active Directory for Microsoft Windows Server. A remote attacker can exploit this...

The vulnerability of the Samba file system allows a perpetrator to circumvent existing access restrictions.

The vulnerability of the samldbcheckuseraccountcontrolacl function in the Samba file system located in the samdb/ldbmodules/samldb.c file is related to improper privilege checking during the creation of computer accounts. Exploiting this vulnerability can allow a malicious actor to circumvent...

Microsoft SQL Server SUSER_SNAME Windows Domain Account Enumeration

This module can be used to bruteforce RIDs associated with the domain of the SQL Server using the SUSERSNAME function. This is similar to the smblookupsid module, but executed through SQL Server queries as any user with the PUBLIC role everyone. Information that can be enumerated includes Windows...