![]() ![]() I know that many other tools exist that do the job in a more automated way, but I sometimes prefer to use the GUI to see the structure of things and maybe even spot things I would normally miss. That’s what I have for you this time, and I hope you see that ADExplorer can be a really useful tool in some cases. This is super useful if you ever want to grab the search results from ADExplorer since there are no native ways of doing that. A great post written by Sally Vandeven over at Black Hills shows us how to edit objects using ADExplorer among other things: Īnother awesome addition is ADEGrab, created by Stuart Morgan at MWR Infosecurity. I also want to mention others who have done some great writeups on ADExplorer before this post. There is also a bug that I encounter sometimes using offline ADExplorer snapshots when using the ‘contains’ search that crashes ADExplorer, but it works when using ADExplorer online, so the problem is not too big. Sometimes I just search for ‘description not empty’ and manually look at the results. You do that by right clicking and choosing PIVOTING > SOCKS Serverįigure 24 – Searching for pwd in Description Let’s go through the steps on getting ADExplorer to work from my local Windows machine through a SOCKS proxy on my Cobalt Strike command and control (C2) server.įirst you will need to tell Cobalt Strike to establish a SOCKS proxy on the beacon you have. ![]() So, how do we use the Active Directory computer account over SOCKS to look at Active Directory? Well, of course there are many tools out there such as Impacket or LDAPPER, but today I’ll be covering ADExplorer. One way I typically end up in this scenario is to proxychain through a beacon on a user’s workstation and use a known exploit to gain administrative access. The tool itself can be found here: Ī typical scenario I often face on engagements is that I have compromised a server or workstation, and I am able to get my hands on the local NTLM hashes as well as the computer account NTLM hash used to authenticate itself against the Active Directory domain. It can be useful for both offensive and defensive purposes, but in this post, I am going to focus more on its offensive use. By Oddvar Moe in Attack Path Effectiveness Review, Penetration Testing, Red Team Adversarial Attack Simulation, Security Testing & AnalysisĪDExplorer is a tool I have always had in my backpack. ![]()
0 Comments
Leave a Reply. |