Vulnerable Active Directory Scripts (Part 3)
Resource Based Constrained Attack
The purpose of this script is to set up a low-privilege AD account for a "Resource Based Constrained" attack. In this kind of attack, an attacker uses a low-privilege user account to authenticate as a different account, typically a service account with more privileges, and so gains access to a target resource.
The script first sets the domain, the low-privilege account, and the target resource used in the attack, storing their names in the $domain, $lowPrivilegeAccount, and $targetResource variables, respectively.
SID History Injection
The purpose of this script is to carry out a "SID History Injection Attack." In this kind of attack, an attacker adds a user's Security Identifier (SID) to another user's SID History property in Active Directory and thereby obtains the same access privileges as the user whose SID was added.
The script begins by specifying the domain to be used in the attack, the attacker user, and the victim user.
After obtaining the SIDs of the attacker and target users with the Get-ADUser cmdlet, it stores the attacker user's SID in the $attackerSID variable and the target user's SID in the $targetSID variable.
Lastly, the script tries to access resources that the attacker user is not authorized for. If the SID History injection was successful, the attacker user should now have access to these resources, because the attacker user's SIDHistory property now contains the SID of the target user.
Skeleton Key
This script creates a new user account in an AD domain and adds it to the Domain Admins group. Because it may be used to authenticate to any service that accepts Kerberos authentication within the domain, this account is frequently referred to as a "Skeleton Key" account.
The Skeleton Key account is created in the domain using the New-ADUser cmdlet, and the password is specified using the ConvertTo-SecureString cmdlet, which encrypts the password. The script also sets -PasswordNeverExpires $true and -Enabled $true so that the account is enabled and its password never expires.
Finally, it adds the Skeleton Key account to the Domain Admins group using the Add-ADPrincipalGroupMembership cmdlet, giving the account administrative access to the entire domain.
Unconstrained Delegation
This command modifies a computer object's properties in AD by using the Set-ADComputer cmdlet. Specifically, it sets the TrustedForDelegation property of the computer object with the identity "NAMEK" to $true.
A machine object is considered trusted for Kerberos delegation if its TrustedForDelegation attribute is set to $true. This means that, if the client has the required rights, any service running on the machine that uses Kerberos authentication can act on behalf of a client to authenticate to other services. This is helpful in situations where a service on the computer has to access other resources on behalf of a client, but it also raises the security risk.
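The four scripts above each leave a distinctive setting behind in the directory, so a defender can look for all of them with read-only queries. The following audit is an added example, not part of the original lab scripts; it assumes the ActiveDirectory (RSAT) module and the default "Domain Admins" group name, and the function names New-Finding and Get-LabAdFinding are hypothetical.

```powershell
# Added audit example, not part of the original lab scripts. Read-only queries.
# Assumes the ActiveDirectory module (RSAT) and the default "Domain Admins" group name.
Import-Module ActiveDirectory

function New-Finding ($Check, $Object, $Detail) {
    [pscustomobject]@{ Check = $Check; Object = $Object; Detail = $Detail }
}

# Get-LabAdFinding is a hypothetical name chosen for this example.
function Get-LabAdFinding {
    # Resource-based constrained delegation: computers that let another principal
    # act on behalf of users to them (msDS-AllowedToActOnBehalfOfOtherIdentity).
    Get-ADComputer -LDAPFilter '(msDS-AllowedToActOnBehalfOfOtherIdentity=*)' `
        -Properties PrincipalsAllowedToDelegateToAccount | ForEach-Object {
        New-Finding 'RBCD' $_.DistinguishedName `
            ($_.PrincipalsAllowedToDelegateToAccount -join '; ')
    }

    # SID History: any user carrying extra SIDs. Outside a domain migration,
    # a populated sIDHistory deserves review.
    Get-ADUser -LDAPFilter '(sIDHistory=*)' -Properties SIDHistory | ForEach-Object {
        New-Finding 'SIDHistory' $_.DistinguishedName ($_.SIDHistory -join '; ')
    }

    # Enabled Domain Admins members whose password never expires, newest first,
    # so a recently created privileged account stands out.
    Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        Get-ADUser -Properties PasswordNeverExpires, whenCreated |
        Where-Object { $_.Enabled -and $_.PasswordNeverExpires } |
        Sort-Object whenCreated -Descending | ForEach-Object {
            New-Finding 'PrivilegedNoExpiry' $_.DistinguishedName "created $($_.whenCreated)"
        }

    # Unconstrained delegation: TRUSTED_FOR_DELEGATION (0x80000 = 524288) set in
    # userAccountControl. Domain controllers (primaryGroupID 516) have it by default.
    $uac = '(&(userAccountControl:1.2.840.113556.1.4.803:=524288)(!(primaryGroupID=516)))'
    Get-ADComputer -LDAPFilter $uac | ForEach-Object {
        New-Finding 'UnconstrainedDelegation' $_.DistinguishedName 'TrustedForDelegation = True'
    }
}

Get-LabAdFinding | Format-Table -AutoSize -Wrap
```

Each row names the check, the object's distinguished name, and the value that triggered it; an empty result means none of the four settings was found in the current domain.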
Conclusion:
This part discusses all the remaining vulnerable AD Scripts and their functions.