2022 Common Active Directory Exploitation Paths
Here are the common exploitation paths we found during our internal penetration tests in 2022. These paths are not as convoluted as the ones you might find in CTF challenges, but they come from real engagements. The purpose of this blog post is not to explain how the vulnerabilities work; there is plenty of documentation online. Instead, we simply want to share the exploitation paths we used or abused most frequently in 2022. We also like these paths because they operate mostly at the network level, so they are less likely to be affected by host-based protections such as antivirus, which typically block memory attacks like dumping LSASS. We hope you find them interesting.

From Unauthenticated To Authenticated

Track 1 – SMB Null + Password Spray

Use the Nmap smb-enum-users script or enum4linux-ng to find and enumerate users on systems that allow SMB logon via a NULL session.

$ python3 enum4linux-ng.py host1.domain.local
[+] After merging user results we have 563 user(s) total:
...
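A defensive counterpart to this track, added here as an example that is not part of the original post: a small Python detector that flags a password spray as one source address generating failed logons (Windows Security EventID 4625) against many distinct accounts within a short window, and then lists the accounts that subsequently logged on successfully (EventID 4624) from that source. The sample records are constructed and the tuple field names are assumptions modelled on the 4625/4624 event schema.

```python
"""Detect password-spray patterns in Windows logon events.

Added example, not from the original post. Input is a constructed list of
simplified Security-log records; field names are assumptions modelled on the
4625 (failed logon) / 4624 (successful logon) event schema.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (TimeCreated, EventID, TargetUserName, IpAddress)
SAMPLE_EVENTS = [
    ("2022-05-03T09:00:01", 4625, "alice", "10.0.0.5"),
    ("2022-05-03T09:00:02", 4625, "bob", "10.0.0.5"),
    ("2022-05-03T09:00:03", 4625, "carol", "10.0.0.5"),
    ("2022-05-03T09:00:04", 4625, "dave", "10.0.0.5"),
    ("2022-05-03T09:00:05", 4625, "erin", "10.0.0.5"),
    ("2022-05-03T09:00:06", 4624, "erin", "10.0.0.5"),   # one success after the spray
    ("2022-05-03T09:05:00", 4625, "alice", "10.0.0.9"),  # single user mistyping, benign
    ("2022-05-03T09:05:30", 4625, "alice", "10.0.0.9"),
]

def detect_spray(events, window=timedelta(minutes=10), min_users=5):
    """Return {ip: sorted distinct users} for every source that failed logons
    against at least min_users distinct accounts inside a sliding time window."""
    per_ip = defaultdict(list)
    for ts, eid, user, ip in events:
        if eid == 4625:
            per_ip[ip].append((datetime.fromisoformat(ts), user.lower()))
    flagged = {}
    for ip, fails in per_ip.items():
        fails.sort()                      # chronological order per source
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1                # slide the window forward
            users = {u for _, u in fails[start:end + 1]}
            if len(users) >= min_users:
                flagged[ip] = sorted(users)
                break                     # one hit per source is enough
    return flagged

def successes_after_spray(events, flagged):
    """Accounts that logged on successfully (4624) from a flagged source:
    these are the credentials to reset first."""
    return sorted({u for _, eid, u, ip in events if eid == 4624 and ip in flagged})

if __name__ == "__main__":
    hits = detect_spray(SAMPLE_EVENTS)
    print("spray sources:", hits)
    print("accounts to reset:", successes_after_spray(SAMPLE_EVENTS, hits))
```

On a real estate the same logic applies to events pulled with Get-WinEvent or from a SIEM; lower min_users or widen the window to catch slow, low-and-slow sprays at the cost of more false positives.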