WriteDACL » THOVITI SIDDHARTH

WriteDACL

August 8, 2023

Forest – HackTheBox Writeup

Thoviti Siddharth HackTheBox, Infosec aclpwn, Active Directory, Active Directory 101, AS-REP Roast, BloodHound, crackmapexec, DCSync, GenericAll, GetNPUsers, impacket, Kerberoasting, kerberos, LDAP, mimikatz, pass the hash, powershell-credential-object, PowerView, PSCredential, psexec, rpcclient, secretsdump, windapsearch, Windows, WriteDACL 0

Machine Name: Forest
IP: 10.10.10.161
Difficulty: Easy

Summary

Forest is a easy machine that starts with enumerating usernames through LDAP and performing Kerberoasting on that user. After cracking the TGT hash, we obtain the user shell. The privilege escalation involved mapping the Active Directory domain and understanding the group memberships and permissions that could be exploited. WriteDACL permissions were discovered for one of the groups which was abused to perform the DCSync attack to dump the hashes and finally pass them to gain the administrator shell.