Az- Synchronising New Users

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Syncing AzureAD users to on-prem to escalate from on-prem to AzureAD

Ili kusawazisha mtumiaji mpya kutoka AzureAD hadi kwenye AD ya ndani, haya ndiyo mahitaji:

Mtumiaji wa AzureAD anahitaji kuwa na anwani ya proxy (sanduku la barua)
Leseni haitahitajika
Haipaswi kuwa tayari imesawazishwa

Get-MsolUser -SerachString admintest | select displayname, lastdirsynctime, proxyaddresses, lastpasswordchangetimestamp | fl

Wakati mtumiaji kama hawa anapatikana katika AzureAD, ili kuufikia kutoka kwenye on-prem AD unahitaji tu kuunda akaunti mpya yenye proxyAddress ya barua pepe ya SMTP.

Kiotomatiki, mtumiaji huyu atakuwa amesawazishwa kutoka AzureAD hadi mtumiaji wa on-prem AD.

Kumbuka kwamba ili kufanya shambulio hili huhitaji Domain Admin, unahitaji tu ruhusa za kuunda watumiaji wapya.

Pia, hii haitapita MFA.

Zaidi ya hayo, hii iliripotiwa kuwa sawazishaji wa akaunti si tena uwezekano kwa akaunti za admin.

Marejeleo

https://www.youtube.com/watch?v=JEIR5oGCwdg

Support HackTricks

Angalia mpango wa usajili!
Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
Shiriki mbinu za udukuzi kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.

PreviousAz AD Connect - Hybrid Identity NextAz - Default Applications

Last updated 3 days ago