maride/hacktricks
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks.git synced 2025-10-10 18:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

f

Browse Source
This commit is contained in:
carlospolop 2025-07-22 14:24:57 +02:00
parent 651f61fb65
commit aefca42aeb
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/windows-hardening/active-directory-methodology/privileged-groups-and-token-privileges.md
View File

@ -18,7 +18,7 @@ To identify the members of this group, the following command is executed:
Get-NetGroupMember -Identity "Account Operators" -Recurse Get-NetGroupMember -Identity "Account Operators" -Recurse
``` ```
Adding new users is permitted, as well as local login to DC01. Adding new users is permitted, as well as local login to the DC.
## AdminSDHolder group ## AdminSDHolder group
@ -164,7 +164,10 @@ To list members of the DnsAdmins group, use:
Get-NetGroupMember -Identity "DnsAdmins" -Recurse Get-NetGroupMember -Identity "DnsAdmins" -Recurse
``` ```
### Execute arbitrary DLL ### Execute arbitrary DLL (CVE202140469)
> [!NOTE]
> This vulnerability allows for the execution of arbitrary code with SYSTEM privileges in the DNS service (usually inside the DCs). This issue was fixed in 2021.
Members can make the DNS server load an arbitrary DLL (either locally or from a remote share) using commands such as: Members can make the DNS server load an arbitrary DLL (either locally or from a remote share) using commands such as:
@ -242,6 +245,10 @@ sc.exe start MozillaMaintenance
Note: Hard link exploitation has been mitigated in recent Windows updates. Note: Hard link exploitation has been mitigated in recent Windows updates.
## Group Policy Creators Owners
This group allows members to create Group Policies in the domain. However, its members can't apply group policies to users or group or edit existing GPOs.
## Organization Management ## Organization Management
In environments where **Microsoft Exchange** is deployed, a special group known as **Organization Management** holds significant capabilities. This group is privileged to **access the mailboxes of all domain users** and maintains **full control over the 'Microsoft Exchange Security Groups'** Organizational Unit (OU). This control includes the **`Exchange Windows Permissions`** group, which can be exploited for privilege escalation. In environments where **Microsoft Exchange** is deployed, a special group known as **Organization Management** holds significant capabilities. This group is privileged to **access the mailboxes of all domain users** and maintains **full control over the 'Microsoft Exchange Security Groups'** Organizational Unit (OU). This control includes the **`Exchange Windows Permissions`** group, which can be exploited for privilege escalation.