
Top Ways Penetration Testers Get Domain Admin

Very brief post, but will be expanded on with additional details as time allows.

  • Breached Credentials
  • Credential Stuffing & Password Spraying
  • LLMNR & NBT Poisoning
  • Relay Attacks
  • Null Sessions on Domain Controller(s)
  • Token Impersonation on Low Priv Boxes
  • MiTM6 to Exploit IPv6
  • Kerberoasting
  • MS17-010 and Poor Patch Management
  • SYSVOL Credentials and GPP
  • Lack of Segmentation of Administrative Privileges
  • Insecurely Stored Credentials (Office Documents, Outlook Notes, etc.)
  • Default Credentials on Databases/Networked Devices

References

https://medium.com/@adam.toscher/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa
https://hunter2.gitbook.io/darthsidious/other/war-stories/domain-admin-in-30-minutes
https://adsecurity.org/?p=2288
https://www.pentestpartners.com/security-blog/top-10-stupidest-ways-weve-got-domain-admin/
https://chessict.co.uk/media/4712/12-common-vulnerabilities-found-during-penetration-testing.pdf
