This article discusses the exploitation of Discretionary Access Control Lists (DACL) in Active Directory through the AddSelf permission, allowing attackers to escalate privileges and access sensitive systems. The content includes lab setups for simulating attacks, various exploitation methods, and detection strategies. Affected: Active Directory, Domain Admins, Backup Operators
Keypoints:
- Discretionary Access Control Lists (DACL) vulnerabilities can be exploited through the AddSelf permission in Active Directory.
- Attackers can elevate privileges by adding themselves to privileged groups like Domain Admins or Backup Operators.
- Post-exploitation activities may involve accessing sensitive systems and performing Kerberoasting attacks.
- The article provides a lab setup to simulate AddSelf exploitation using Windows Server and Kali Linux.
- The BloodHound tool can be used to verify permissions and identify weak configurations.
- Several exploitation methods have been detailed, including commands for different operating systems.
- Mitigation strategies and detection mechanisms to identify suspicious activities related to AddSelf attacks are offered.
- Post-exploitation can involve dumping NTLM hashes utilizing Impacket tools for further unauthorized access.
- The article includes key insights to help security professionals recognize and defend against this common class of threat.
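As an added illustration of the detection side (not code from the Hacking Articles post), the snippet below flags the signature an AddSelf abuse leaves in the Windows Security log: a group-membership-add event in which the account that performed the change is the same account that was added. The event IDs are the standard ones for member-added events; the sensitive-group list and the pipe-delimited log lines are constructed for this demo.

```python
# Windows Security event IDs for "a member was added to a security-enabled group",
# keyed by group scope (Domain Admins is global; Backup Operators is domain local).
MEMBER_ADDED_EVENTS = {4728: "global", 4732: "domain local", 4756: "universal"}

# Groups whose membership grants broad control (names assumed for this demo).
SENSITIVE_GROUPS = {"domain admins", "enterprise admins", "administrators",
                    "backup operators", "account operators"}

def parse_event(line):
    """Parse one constructed export line: EventID|SubjectSid|MemberSid|GroupName.
    SubjectSid is the account that made the change, MemberSid the account added."""
    event_id, subject_sid, member_sid, group_name = line.strip().split("|")
    return int(event_id), subject_sid, member_sid, group_name

def classify(event_id, subject_sid, member_sid, group_name):
    """Label a membership-add event; None for events that are not group adds."""
    if event_id not in MEMBER_ADDED_EVENTS:
        return None
    self_add = subject_sid == member_sid            # the AddSelf signature
    sensitive = group_name.lower() in SENSITIVE_GROUPS
    if self_add and sensitive:
        return "self-add-sensitive"   # highest priority: likely DACL abuse
    if self_add:
        return "self-add"             # unusual: routine adds come from admin accounts
    if sensitive:
        return "sensitive-add"        # admin-driven, but still worth review
    return "routine"

def find_alerts(lines):
    """Return (label, member_sid, scope, group) for each non-routine add, in log order."""
    alerts = []
    for line in lines:
        event_id, subject_sid, member_sid, group_name = parse_event(line)
        label = classify(event_id, subject_sid, member_sid, group_name)
        if label in (None, "routine"):
            continue
        alerts.append((label, member_sid, MEMBER_ADDED_EVENTS[event_id], group_name))
    return alerts

# Constructed sample export (not real log data): a low-privilege user (RID 1105)
# adds itself to Domain Admins, an admin (RID 500) adds another user to Backup
# Operators, the same user self-adds to a harmless group, and a logon event (4624).
SAMPLE_LOG = [
    "4728|S-1-5-21-1-2-3-1105|S-1-5-21-1-2-3-1105|Domain Admins",
    "4732|S-1-5-21-1-2-3-500|S-1-5-21-1-2-3-1108|Backup Operators",
    "4728|S-1-5-21-1-2-3-1105|S-1-5-21-1-2-3-1105|Marketing",
    "4624|S-1-5-21-1-2-3-1105|S-1-5-21-1-2-3-1105|",
]
```

Running `find_alerts(SAMPLE_LOG)` ranks the self-add to Domain Admins first; in a real deployment the same comparison would be done over the SubjectUserSid and MemberSid fields of the exported events.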
Full Story: https://www.hackingarticles.in/abusing-ad-dacl-addself/