# Manual Path Analysis

WIth some techniques, you can analyze the path from your selected AD object to any your target. 

1. Type an account name or any AD object name in the search field at the top left corner. Hit Return. 

<figure><img src="https://4082237222-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FnA4bAkddGXesk1QCLYAY%2Fuploads%2FGE8FvfaVJAA15IObQ77q%2Fimage.png?alt=media&#x26;token=86947489-7a72-4228-b423-08e4b644a73c" alt=""><figcaption></figcaption></figure>

2. You will see the icon of the account name.

<figure><img src="https://4082237222-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FnA4bAkddGXesk1QCLYAY%2Fuploads%2Fs5PHILB6kecKCvL0WMdy%2Fimage.png?alt=media&#x26;token=c59bdee6-e51f-441e-a37d-132dc336a7e2" alt=""><figcaption></figcaption></figure>

3. Right-click on the icon of the user account, and select 'Set as Starting Node'.&#x20;

<figure><img src="https://4082237222-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FnA4bAkddGXesk1QCLYAY%2Fuploads%2FfCltzR7adRN8jkUEEu3u%2Fimage.png?alt=media&#x26;token=7d7e1b9b-56ad-4bff-a639-271325824dc9" alt=""><figcaption></figcaption></figure>

4. Let's go to 'Node Info', scroll down the page, and select 'Transitive Object Control in OUTBOUND OBJECT CONTROL.&#x20;

<figure><img src="https://4082237222-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FnA4bAkddGXesk1QCLYAY%2Fuploads%2F1dImifUblTDwgDAAMuKY%2Fimage.png?alt=media&#x26;token=270eeb9c-c8e8-4b4a-a800-4275a77c245c" alt=""><figcaption></figcaption></figure>

If we are lucky, we have some good path to analyze. You will see something like, but I see one line to Domain icon with GenericAll privilege.

<figure><img src="https://4082237222-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FnA4bAkddGXesk1QCLYAY%2Fuploads%2Frl3tZGdvBzXjRpr3e1gT%2Fimage.png?alt=media&#x26;token=63284750-eda3-4c79-9828-4d5bae32ed32" alt=""><figcaption></figcaption></figure>

Let's analyze the further path by selecting Account Operators group and select 'Transitive Object Control' in OUTBOUND OBJECT CONTROL.&#x20;

<figure><img src="https://4082237222-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FnA4bAkddGXesk1QCLYAY%2Fuploads%2Fpxayv6BkKED8EWirJ0Eg%2Fimage.png?alt=media&#x26;token=b508665f-29c1-44aa-8853-fb27945c2aa1" alt=""><figcaption></figcaption></figure>

This is a bit messy diagram to look at, but you can understand what the paths for your exploit and abuse are.&#x20;