58 lines
3.2 KiB
Markdown
58 lines
3.2 KiB
Markdown
|
|
|||
|
|
MMC (Microsoft Management Console) can be used to enumerate and gather more information about the active directory (through a Remote Desktop Protocol (RDP) session)
|
|||
|
|
|
|||
|
|
- More infomration about MMc
|
|||
|
|
The Microsoft Management Console (MMC) can be used to enumerate information about the active directory, which is a database that stores information about a computer network's user accounts, security policies, and other network objects. By using MMC snap-ins, such as the Active Directory Users and Computers snap-in, an administrator can view and manage the active directory.
|
|||
|
|
ㅤ
|
|||
|
|
An attacker could potentially use MMC to enumerate information about the active directory for the purpose of exploitation. For example, an attacker could use MMC to gather information about user accounts, security groups, and other objects in the active directory. This information could be used to plan and execute an attack on the network, such as attempting to gain unauthorized access to network resources or to elevate their own privileges within the network.
|
|||
|
|
ㅤ
|
|||
|
|
To open the MMC, click the Start button, type "run" into the search box, and then press Enter. Once run is open, type mmc and press enter to get in the MMC
|
|||
|
|
|
|||
|
|
|
|||
|
|
Steps to perform (Take in consideration that you need RDP access to do the following)
|
|||
|
|
|
|||
|
|
- Include RSAT in the Apps & Features
|
|||
|
|
1. Press **Start**
|
|||
|
|
2. Search **"Apps & Features"** and press enter
|
|||
|
|
3. Click **Manage Optional Features**
|
|||
|
|
4. Click **Add a feature**
|
|||
|
|
5. Search for **"RSAT"**
|
|||
|
|
6. Select "**RSAT: Active Directory Domain Services and Lightweight Directory Tools"** and click **Install**
|
|||
|
|
|
|||
|
|
- Open MMC
|
|||
|
|
1. Press **Start**
|
|||
|
|
2. Search "**Run**"
|
|||
|
|
3. Input "**MMC**" in the Run tool
|
|||
|
|
4. Press enter
|
|||
|
|
|
|||
|
|
- Snap-In in MMC (Plugin to connect to the Active Directory)
|
|||
|
|
1. Select File menu
|
|||
|
|
2. Select add snap-in
|
|||
|
|
3. Add the following plugins
|
|||
|
|
1. Active Directory Domains and Trust
|
|||
|
|
2. Active Directory Site and Service
|
|||
|
|
3. Active Directory User and Computer
|
|||
|
|
4. Right-click on **Active Directory Domains and Trusts** and select **Change Forest**
|
|||
|
|
5. Enter _za.tryhackme.com_ as the **Root domain** and Click **OK**
|
|||
|
|
6. Right-click on **Active Directory Sites and Services** and select **Change Forest**
|
|||
|
|
7. Enter _za.tryhackme.com_ as the **Root domain** and Click OK
|
|||
|
|
8. Right-click on **Active Directory Users and Computers** and select **Change Domain**
|
|||
|
|
9. Enter _za.tryhackme.com_ as the **Domain** and Click **OK**
|
|||
|
|
10. Right-click on **Active Directory Users and Computers** in the left-hand pane
|
|||
|
|
11. Click on **View** -> **Advanced Features**
|
|||
|
|
|
|||
|
|
Now you should have access to the active directory and search trought the OU's and Group Policy
|
|||
|
|
|
|||
|
|
|
|||
|
|
Benefits
|
|||
|
|
|
|||
|
|
- The GUI provides an excellent method to gain a holistic view of the AD environment.
|
|||
|
|
- Rapid searching of different AD objects can be performed.
|
|||
|
|
|
|||
|
|
- It provides a direct method to view specific updates of AD objects.
|
|||
|
|
- If we have sufficient privileges, we can directly update existing AD objects or add new ones.
|
|||
|
|
|
|||
|
|
Drawbacks
|
|||
|
|
|
|||
|
|
- The GUI requires RDP access to the machine where it is executed.
|
|||
|
|
- Although searching for an object is fast, gathering AD wide properties or attributes cannot be performed.
|