Practice
  • 🛤️TryHackMe Rooms
    • HackersVsHackers
    • Vulnnet - The End Game
    • Surfer
    • Corridor
    • Mustacchio
    • Wordpress: CVE-2021-29447
    • Bounty Hacker
    • Simple CTF
    • Agent Sudo
    • Lazy Admin
    • Ignite
    • Brooklynn 99
    • c4ptur3th3fl4g
    • Lian_Yu
    • Rabbit
    • Gallery
    • Overpass
    • Team
    • Easy Peasy
    • CmesS
    • Ultratech
    • Wonderland
    • Anonymous
    • GamingServer
    • Tomghost
    • ConvertMyVideo
    • DogCat
    • Blog
    • Git Happens
    • 0day
    • Road
    • Inferno
    • Opacity
    • Market Place
    • Valley CTF
    • Weasel
    • SafeZone
    • Blueprint
    • Fusion Corp
    • Quotient
    • Unbaked Pie
    • Kenobi
    • Steel Mountain
    • Alfred
    • Hack Park
    • Game Zone
    • Daily Bugle
    • Retro
    • Corp
    • Attacktive Directory
    • Vulnnet - Roasted
    • Vulnnet - Active
    • Vulnnet - Internal
    • Enterprise - Hard
    • Iron Corp - Hard
    • Ra - Hard
    • For Business Reasons
  • 📦HackTheBox
    • Linux Boxes
      • Lame
      • Shocker
      • Nibbles
      • Beep
      • Cronos
      • Nineveh
      • Sense
      • Solidstate
      • Node
      • Valentine
      • Poison
      • Sunday
      • Irked
      • FriendZone
      • Networked
      • Jarvis
      • Tabby
      • Mirai
      • Popcorn
    • Windows Boxes
      • Active
      • Forest
      • ChatterBox
      • Resolute
      • Intelligence
  • 🤖CTF's
    • CloudSEK CTFs
    • ACM Cyber - UCLA
  • ¯\_(ツ)_/¯
    • Interview Topics
  • 🪣BOF - OSCP
    • Basics
    • Spiking
    • FUZZing
    • Finding the Offset
    • Overwriting the EIP
    • Finding BAD Characters
    • Finding RIGHT Module
    • Generating Shellcode
  • 📛Active Directory
    • Basics
      • Managing AD Users
      • Managing AD Computers
      • Group Policies
      • Authentication Methods
      • Trees, Forests and Trusts
    • Enumeration Techniques
    • Initial Attack Vectors
    • Post Compromise Enumeration
    • Post Compromise Attacks
      • Token Impersonation - LM
      • Kerberoasting
      • cPassword / GPP Attack
      • URL File Attacks
      • PrintNightmare
      • Golden Ticket Attacks
      • ZeroLogon Attacks
    • Lateral Movement and Pivoting
      • File Transfers
      • Spawning Processes Remotely
      • Moving Laterally with WMI
      • Alternate Authentication Material
      • Abusing User's Behaviour
      • Port Forwarding
      • Maintaing Access
      • Pivoting
      • Cleaning Up
    • Other Resources
  • 🛡️Powershell Basics
    • Getting Started
      • Functions
  • 😁Others
    • API Security
    • Cloud Security
  • Enumeration
    • Local PrivEsc
    • Remoting
    • Persistence
    • Kerberos
Powered by GitBook
On this page
  1. Active Directory
  2. Basics

Managing AD Users

PRACTICE ! PRACTICE ! PRACTICE !

PreviousBasicsNextManaging AD Computers

Last updated 1 year ago

Observe the Organizational chart and make changes according to it and make the AD to match it !

Delegation

One of the nice things we can do in AD is to give specific users some control over some OUs

  • This process is known as delegation it allows you to grant users specific privileges to perform advanced tasks on OUs without needing a Domain Administrator to step in

Imagine a scenario where the marketing team or the sales team face some software issues in thier systems and it needs to be rectified in no time - Every time the Domain Admin cannot step in and solve the issue instead what if he just grants the required permissions (delegations) to the IT Support team?

Now let's assume that sophie who's from the Sales team is using a default password and the IT support guy phillip has the delegation to reset her password, how will he do it ? - So to first delegate the controls for the IT guy Phillip we'll have to add him first !

Clicking on Next, sets the required permissions or the delegations for the IT user Phillip to reset the Sales team girl sophie's password - Now let's RDP into Phillips system to unleash his powers :)

xfreerdp \v:10.10.130.92 \u:THM\phillip \p:Claire2008 \dynamic-resolution \cert-ignore

But the catch is the IT user Phillip doesn't have enough privileges to open the Active Directory Users and Computers application - So we'll have to use powershell inorder to reset sophie's password

PS C:\Users\phillip> Set-ADAccountPassword sophie -Reset -NewPassword (Read-Host -AsSecureString -Prompt 'New Password') -Verbose

New Password: rootme@321

VERBOSE: Performing the operation "Set-ADAccountPassword" on target "CN=Sophie,OU=Sales,OU=THM,DC=thm,DC=local".

So now we've successfully reset the password, but we as Phillip (IT guy) don't have any rights to communicate the Sales team sophie user, so we wouldn't want Sophie to keep on using a password we know, we can also force a password reset at the next logon

PS C:\Users\phillip> Set-ADUser -ChangePasswordAtLogon $true -Identity sophie -Verbose

VERBOSE: Performing the operation "Set" on target "CN=Sophie,OU=Sales,OU=THM,DC=thm,DC=local".
📛