Lab of a Penetration Tester: Abusing DNSAdmins privilege for escalation in Active Directory Logo

Lab of a Penetration Tester: Abusing DNSAdmins privilege for escalation in Active Directory

0
Free
Updated 11 March 2025
IAM
Privilege Escalation
Dll Injection
Visit Website

This lab demonstrates how to escalate privileges in an Active Directory environment by abusing the DNSAdmins privilege. The lab explains how a user who is a member of the DNSAdmins group or has write privileges to a DNS server object can load an arbitrary DLL with SYSTEM privileges on the DNS server. The lab setup includes enumerating users who are part of the DNSAdmins group using PowerView and targeting the buildadmin user in a real-world scenario.

FEATURES

EXPLORE BY TAGS

Privilege Escalation

Dll Injection

SIMILAR TOOLS

iam-policies-cli Logo
iam-policies-cli

CLI for generating AWS IAM policy documents, SAM policy templates or SAM Connectors

Free
IAM
aws-lint-iam-policies Logo
aws-lint-iam-policies

Runs IAM policy linting checks against AWS accounts to identify security best practices and policy errors.

Free
IAM
Jamf Connect Logo
Jamf Connect

Jamf Connect is an identity and access management solution that provides cloud-based authentication, password synchronization, and Zero Trust Network Access for Mac and mobile devices.

Commercial
IAM
cred_scanner Logo
cred_scanner

A tool for finding AWS credentials in files, optimized for Jenkins integration.

Free
IAM
Admin Free Active Directory and Windows Logo
Admin Free Active Directory and Windows

This article discusses protected accounts and groups in Active Directory, providing examples and screenshots to illustrate key concepts.

Free
IAM
KeeFarce Logo
KeeFarce

KeeFarce allows for the extraction of KeePass 2.x password database information from memory using DLL injection and CLRMD.

Free
IAM
AirIAM Logo
AirIAM

AirIAM is an AWS IAM to least privilege Terraform execution framework that compiles AWS IAM usage and leverages that data to create a least-privilege IAM Terraform.

Free
IAM
Akamai Identity Cloud Logo
Akamai Identity Cloud

Akamai Identity Cloud is a CIAM solution that manages customer identities, enhances user experiences, and ensures data protection and regulatory compliance for high-volume consumer brands.

Commercial
IAM
Microsoft Entra Verified ID Logo
Microsoft Entra Verified ID

A decentralized identity verification solution that enables organizations to issue, manage, and verify digital credentials for user-owned identity scenarios.

Commercial
IAM

PINNED

Mandos Logo

Mandos

Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Consulting
Checkmarx SCA Logo

Checkmarx SCA

A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Application Security
Orca Security Logo

Orca Security

A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

Cloud Security
DryRun Logo

DryRun

A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Application Security
CyberSecTools logoCyberSecTools

Explore the largest curated directory of cybersecurity tools and resources to enhance your security practices. Find the right solution for your domain.

Operated by:

Mandos Cyber • KVK: 97994448

Netherlands • contact@mandos.io

VAT: NL005301434B12

Copyright © 2025 - All rights reserved

LINKS
BlogContact
LEGAL
Terms of servicesPrivacy policy