SeMachineAccountPrivilege HackTricks [2021]
# Using impacket
addcomputer.py -computer-name "ATTACKER$" -computer-pass "Password123" -dc-ip 10.10.10.2 domain.local/compromised_user:password
MATCH (u:User)-[r:MemberOf|AddMember|AllowedToAct*1..]->(c:Computer) WHERE u.name CONTAINS "your_compromised_user" RETURN u,r,c
The attacker performs a Kerberos "Service for User" (S4U) request. They request a service ticket for a high-privileged user (like a Domain Admin) to the target machine, using the credentials of the machine account they just created.
The most effective defense is setting the ms-DS-MachineAccountQuota to 0. This prevents any non-admin from creating machine accounts.
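A defender-side audit of that setting, added here as an example and not taken from the original page: it reads the current quota, lists computer objects created under it (identified by the mS-DS-CreatorSID attribute), and previews the change to 0. It assumes the RSAT ActiveDirectory module and read access to the domain; the variable names are illustrative.

```powershell
# Added example: audit ms-DS-MachineAccountQuota and quota-created computers.
# Assumes the ActiveDirectory (RSAT) module is installed.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$quota  = (Get-ADObject -Identity $domain.DistinguishedName `
              -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'
Write-Output "ms-DS-MachineAccountQuota on $($domain.DNSRoot): $quota"

# Computer objects created by a non-admin through the quota carry the
# creator's SID in mS-DS-CreatorSID; admin-created objects do not.
$created = Get-ADComputer -LDAPFilter '(mS-DS-CreatorSID=*)' `
               -Properties 'mS-DS-CreatorSID', whenCreated |
    ForEach-Object {
        $raw = $_.'mS-DS-CreatorSID'
        # The attribute may surface as a SecurityIdentifier or as raw bytes.
        $sid = if ($raw -is [byte[]]) {
            [System.Security.Principal.SecurityIdentifier]::new($raw, 0)
        } else { $raw }
        $creator = try {
            $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            "$sid"   # creator account deleted or not resolvable
        }
        [pscustomobject]@{
            Computer    = $_.SamAccountName
            Creator     = $creator
            WhenCreated = $_.whenCreated
            DN          = $_.DistinguishedName
        }
    }

# Newest first: recently added machine accounts deserve the first look.
$created | Sort-Object WhenCreated -Descending | Format-Table -AutoSize

# Creators with more than one machine account are worth reviewing.
$created | Group-Object Creator | Where-Object Count -gt 1 |
    Select-Object Name, Count | Format-Table -AutoSize

# Preview the remediation; remove -WhatIf to apply it.
if ($quota -ne 0) {
    Set-ADDomain -Identity $domain.DistinguishedName `
        -Replace @{ 'ms-DS-MachineAccountQuota' = 0 } -WhatIf
}
```

Setting the quota to 0 does not remove machine accounts that already exist, so the listing above is the part to review before and after the change.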
SeMachineAccountPrivilege allows a user to bypass the standard "Create Computer Objects" permission in specific Organizational Units (OUs), creating them in the "Computers" container instead.