Здравствуйте!
In this post, I will share with you why Active Directory is the heart of a Windows Server based network. Understanding this is critical to understanding why privilege escalation in Active Directory is so powerful.
We all know that there are just 3 basic things that help secure all the data in an environment -
Of course, certain things like ability to have distributed authentication, authorization and auditing are also required, and exist to facilitate secure access for all users to all resources.
If you look at Active Directory simply, it is just one directory, and not of much interest because after all how interesting could a directory be? But if you look at Active Directory from angle that it contains all the 3 pieces requires to provide security in network, then it looks very important and in fact it is very important.
It is commonly known that all the user accounts are stored in Active Directory. In addition, the passwords of all these user accounts are also stored in the Active Directory. Furthermore, the management of these accounts is also delegated in Active Directory, meaning for example, that the information of who can reset the password of a user's account is also stored in Active Directory.
By similar token, all the security groups that are used to grant or deny some level of access to all files on file servers, databases on database servers and applications on application servers are also all defined, configured and managed in Active Directory. In particular, the membership of all such groups used across the network is stored in and controlled in Active Directory. Also, information about who can change the membership of these groups is also stored in Active Directory.
Also by similar token, all the policies that are used to protect all the computers in the network are also defined in and automatically pushed out from the Active Directory. Furthermore, data about who can change these policies and who can push them where is also stored in Active Directory.
So, from this angle, it is logical that Active Directory is the heart of a Windows Server based network. That is why lot of companies put in lots of resources to try and protect it as much as they can.
The interesting thing about Active Directory is that it lets powerful admins delegate specific operations (tasks) to specific delegated admins, thereby creating a hierarchy of power in the network.
This is very important for privilege escalation, because as we shall see in following posts, the ability to escalate privilege one by one in hierarchy starting from bottom and aiming for top is very valuable.
From the view of privilege escalation, Active Directory is a treasure box of information, because it is THE place where all the responsibilities for the management of all of these 3 things are delegated and controlled.
So if you are interested in learning more about how to escalate privilege in Windows networks, you should become familiar with Active Directory hierarchical and security model. Once you are familiar you can start experimenting yourself based on following posts on how to find and use privilege escalation opportunities to go from basic authenticated user to domain admin with just little effort.
In my next post, I will cover some details about Active Directory's storage and security model, to help you understand how to experiment with this concept in your test environment.
Спасибо
In this post, I will share with you why Active Directory is the heart of a Windows Server based network. Understanding this is critical to understanding why privilege escalation in Active Directory is so powerful.
We all know that there are just 3 basic things that help secure all the data in an environment -
- Identity - Every user in the system is identified by a unique identity
- Resource Authorization - Access to all resources is authorized based on group memberships
- Host Management - The computers on which resources are stored need to be managed
Of course, certain things like ability to have distributed authentication, authorization and auditing are also required, and exist to facilitate secure access for all users to all resources.
If you look at Active Directory simply, it is just one directory, and not of much interest because after all how interesting could a directory be? But if you look at Active Directory from angle that it contains all the 3 pieces requires to provide security in network, then it looks very important and in fact it is very important.
It is commonly known that all the user accounts are stored in Active Directory. In addition, the passwords of all these user accounts are also stored in the Active Directory. Furthermore, the management of these accounts is also delegated in Active Directory, meaning for example, that the information of who can reset the password of a user's account is also stored in Active Directory.
By similar token, all the security groups that are used to grant or deny some level of access to all files on file servers, databases on database servers and applications on application servers are also all defined, configured and managed in Active Directory. In particular, the membership of all such groups used across the network is stored in and controlled in Active Directory. Also, information about who can change the membership of these groups is also stored in Active Directory.
Also by similar token, all the policies that are used to protect all the computers in the network are also defined in and automatically pushed out from the Active Directory. Furthermore, data about who can change these policies and who can push them where is also stored in Active Directory.
So, from this angle, it is logical that Active Directory is the heart of a Windows Server based network. That is why lot of companies put in lots of resources to try and protect it as much as they can.
The interesting thing about Active Directory is that it lets powerful admins delegate specific operations (tasks) to specific delegated admins, thereby creating a hierarchy of power in the network.
This is very important for privilege escalation, because as we shall see in following posts, the ability to escalate privilege one by one in hierarchy starting from bottom and aiming for top is very valuable.
From the view of privilege escalation, Active Directory is a treasure box of information, because it is THE place where all the responsibilities for the management of all of these 3 things are delegated and controlled.
So if you are interested in learning more about how to escalate privilege in Windows networks, you should become familiar with Active Directory hierarchical and security model. Once you are familiar you can start experimenting yourself based on following posts on how to find and use privilege escalation opportunities to go from basic authenticated user to domain admin with just little effort.
In my next post, I will cover some details about Active Directory's storage and security model, to help you understand how to experiment with this concept in your test environment.
Спасибо
