Enumeration

I ran SharpHound to get more info and plan the attack path.

Our user is a part of a group who has GenericAll right over the group "Exchange Windows Permissions" which means we can add our user into this group.

net group "Exchange Windows Permissions" svc-alfresco /add /domain

And users of Exchange Windows Permissions group has WriteDacl right over the group Domain Admins.

Which we can use to grant our user DCSync privilege over the domain.

PreviousFoothold NextDCSync

Last updated 10 months ago