GPP Attacks: AD Post Compromise Attack
- Strider Gearhead
- Jul 17, 2023
Overview
Group Policy Preferences (GPP) allowed admins to create policies using embedded credentials.
These credentials were encrypted and stored in a “cPassword” attribute.
The encryption key was accidentally released (whoops).
Patched in MS14-025, but the patch doesn’t prevent previous uses.
Group Policy Pwnage: https://blog.rapid7.com/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/
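An added example, not from the original post: since MS14-025 doesn’t prevent previous uses, a defender can sweep a copy of SYSVOL for Preferences XML files that still carry a non-empty cPassword. The sample tree, the account names and the `ACCOUNT_ATTRS` list are constructed or assumed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Attributes that commonly name the account in GPP files (assumed list).
ACCOUNT_ATTRS = ("userName", "accountName", "runAs", "username")
# Constructed sample; the cpassword value is a placeholder, not a real blob.
SAMPLE_GROUPS = """<?xml version="1.0" encoding="utf-8"?>
<Groups>
  <User name="svc_backup" changed="2013-05-02 10:11:12">
    <Properties cpassword="CONSTRUCTED-PLACEHOLDER" userName="svc_backup"/></User>
  <User name="svc_clean" changed="2019-01-01 00:00:00">
    <Properties cpassword="" userName="svc_clean"/></User>
</Groups>
"""

def build_sample_sysvol(base):  # writes a constructed SYSVOL-like tree for the demo
    pol = os.path.join(base, "Policies", "{CONSTRUCTED-GUID}", "Machine", "Preferences", "Groups")
    os.makedirs(pol)
    with open(os.path.join(pol, "Groups.xml"), "w", encoding="utf-8") as fh:
        fh.write(SAMPLE_GROUPS)
    return base

def find_cpasswords(root_dir):
    """Return one finding per XML element with a non-empty cpassword."""
    findings = []
    for dirpath, _dirs, files in os.walk(root_dir):
        for name in (f for f in files if f.lower().endswith(".xml")):
            path = os.path.join(dirpath, name)
            try:
                tree = ET.parse(path)
            except (ET.ParseError, OSError):
                continue  # malformed or unreadable: skip, keep auditing
            parents = {c: p for p in tree.iter() for c in p}
            for elem in tree.iter():
                attrs = {k.lower(): v for k, v in elem.attrib.items()}
                if not attrs.get("cpassword"):
                    continue  # absent or empty: no stored credential
                findings.append({
                    "file": os.path.relpath(path, root_dir),
                    "account": next((elem.get(a) for a in ACCOUNT_ATTRS if elem.get(a)), ""),
                    # In this sample the "changed" timestamp sits on the parent element.
                    "changed": parents.get(elem, elem).get("changed", ""),
                    "blob_length": len(attrs["cpassword"]),  # never log the blob
                })
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(find_cpasswords(build_sample_sysvol(tmp)))
```

Point `find_cpasswords` at a read-only copy of the domain's SYSVOL share; each finding is a credential to rotate and a preference item to remove.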
ABUSING GPP
We will solve a machine available on Hack The Box. The box is named “Active”.
First, we will quickly run an nmap scan. Command: nmap -T5 <IP>
The result will look like this:

To read the full write-up, visit my Medium: