handbook/tools/5.Machine/3.Active-Directory/General/Exploitation/3.Enumeration-AD/3.Enumeration-through-MMC.md
2024-08-31 01:07:22 +02:00


MMC (Microsoft Management Console) can be used to enumerate and gather more information about Active Directory (through a Remote Desktop Protocol (RDP) session).

  • More information about MMC: The Microsoft Management Console (MMC) can be used to enumerate information about Active Directory, which is a database that stores information about a computer network's user accounts, security policies, and other network objects. By using MMC snap-ins, such as the Active Directory Users and Computers snap-in, an administrator can view and manage Active Directory. An attacker could potentially use MMC to enumerate information about Active Directory for the purpose of exploitation. For example, an attacker could use MMC to gather information about user accounts, security groups, and other objects in Active Directory. This information could be used to plan and execute an attack on the network, such as attempting to gain unauthorized access to network resources or to elevate their own privileges within the network. To open the MMC, click the Start button, type "run" into the search box, and then press Enter. Once Run is open, type mmc and press Enter to open the MMC.

Steps to perform (take into consideration that you need RDP access to do the following)

  • Include RSAT in the Apps & Features

    1. Press Start
    2. Search "Apps & Features" and press enter
    3. Click Manage Optional Features
    4. Click Add a feature
    5. Search for "RSAT"
    6. Select "RSAT: Active Directory Domain Services and Lightweight Directory Tools" and click Install
  • Open MMC

    1. Press Start
    2. Search "Run"
    3. Input "MMC" in the Run tool
    4. Press enter
  • Snap-In in MMC (Plugin to connect to the Active Directory)

    1. Select File menu
    2. Select add snap-in
    3. Add the following plugins
      1. Active Directory Domains and Trusts
      2. Active Directory Sites and Services
      3. Active Directory Users and Computers
    4. Right-click on Active Directory Domains and Trusts and select Change Forest
    5. Enter za.tryhackme.com as the Root domain and click OK
    6. Right-click on Active Directory Sites and Services and select Change Forest
    7. Enter za.tryhackme.com as the Root domain and click OK
    8. Right-click on Active Directory Users and Computers and select Change Domain
    9. Enter za.tryhackme.com as the Domain and click OK
    10. Right-click on Active Directory Users and Computers in the left-hand pane
    11. Click on View -> Advanced Features

Now you should have access to Active Directory and be able to search through the OUs and Group Policy.
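
A defender-side check for the procedure above, as an added example that is not part of the original handbook: it reports whether the RSAT AD DS capability from the first step is installed on a host and lists recent mmc.exe launches recorded as Security event 4688. It assumes an elevated PowerShell session and that process-creation auditing is enabled; the function names are hypothetical.

```powershell
# Added example (not from the handbook): host-side audit for the RSAT + MMC procedure.
# Run in an elevated PowerShell session on the workstation being reviewed.
# Assumption: "Audit Process Creation" is enabled so Security event 4688 is logged.

function Get-RsatAdToolsState {
    # Capability behind "RSAT: Active Directory Domain Services and Lightweight Directory Tools"
    Get-WindowsCapability -Online -Name 'Rsat.ActiveDirectory.DS-LDS.Tools*' |
        Select-Object Name, State
}

function Get-MmcLaunch {
    param([int]$Days = 7)

    $filter = @{ LogName = 'Security'; Id = 4688; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Read EventData by field name instead of relying on property positions
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        if ($data['NewProcessName'] -like '*\mmc.exe') {
            [pscustomobject]@{
                TimeCreated = $_.TimeCreated
                User        = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                Parent      = $data['ParentProcessName']
                # Empty unless command-line auditing is enabled; a blank console
                # with snap-ins added by hand shows only mmc.exe here.
                CommandLine = $data['CommandLine']
            }
        }
    }
}

$rsat = Get-RsatAdToolsState
$rsat | Format-Table -AutoSize

if ($rsat | Where-Object { [string]$_.State -eq 'Installed' }) {
    Write-Warning 'RSAT AD DS tools are installed; confirm this host is an approved admin workstation.'
}

Get-MmcLaunch -Days 7 | Sort-Object TimeCreated | Format-Table -AutoSize
```

Because the snap-ins are added inside an already running blank console, the process-creation record alone does not show which directory the console was pointed at; correlate the launch time with the RDP logon on the same host.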

Benefits

  • The GUI provides an excellent method to gain a holistic view of the AD environment.

  • Rapid searching of different AD objects can be performed.

  • It provides a direct method to view specific updates of AD objects.

  • If we have sufficient privileges, we can directly update existing AD objects or add new ones.

Drawbacks

  • The GUI requires RDP access to the machine where it is executed.
  • Although searching for an object is fast, gathering AD-wide properties or attributes cannot be performed.