Az- Synchronising New Users

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Syncing AzureAD users to on-prem to escalate from on-prem to AzureAD

Ili kusawazisha mtumiaji mpya f** kutoka AzureAD hadi AD ya ndani** haya ndiyo mahitaji:

Mtumiaji wa AzureAD anahitaji kuwa na anwani ya proxy ( sanduku la barua)
Leseni haitahitajika
Haipaswi kuwa tayari imesawazishwa

Get-MsolUser -SerachString admintest | select displayname, lastdirsynctime, proxyaddresses, lastpasswordchangetimestamp | fl

Wakati mtumiaji kama hawa anapatikana katika AzureAD, ili kufikia kutoka kwenye AD ya ndani unahitaji tu kuunda akaunti mpya yenye proxyAddress ya barua pepe ya SMTP.

Kiotomatiki, mtumiaji huyu atakuwa amesawazishwa kutoka AzureAD hadi mtumiaji wa AD ya ndani.

Kumbuka kwamba ili kufanya shambulio hili huhitaji Domain Admin, unahitaji tu ruhusa za kuunda watumiaji wapya.

Pia, hii haitapita MFA.

Zaidi ya hayo, hii iliripotiwa kuwa sawazishaji wa akaunti si tena uwezekano kwa akaunti za admin.

References

https://www.youtube.com/watch?v=JEIR5oGCwdg

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

PreviousAz AD Connect - Hybrid Identity NextAz - Default Applications

Last updated 1 month ago