Background

Are you tired of working from home due to COVID? While this is quite a unique situation we find ourselves in, it also provides some fresh opportunities. Lately we have assessed several environments that were meant to provide a secure way of working from home. For one specific engagement, a client delivered one of their laptops, which was domain joined. The laptop was accompanied by the credentials of a low-privilege domain user. The secure connection to their office was provided using DirectAccess.
tl;dr: In this writeup I am going to describe how to abuse a GenericWrite ACE misconfiguration in Active Directory to run arbitrary executables.
During a recent assessment I found a new way to abuse Access Control Entries (ACEs) in a misconfigured Active Directory instance. Before jumping into the juicy bits, I’d first like to explain what these misconfigurations are, how we find them and finally how to abuse them. If you have pre-existing knowledge of this topic you can jump to the section titled ‘A new way of abusing GenericWrite’.