Manual Path Analysis

With a few techniques, you can analyze the path from a selected AD object to any target.

  1. Type an account name or any AD object name in the search field at the top left corner. Hit Return.

  1. You will see the icon of the account name.

  1. Right-click on the icon of the user account, and select 'Set as Starting Node'.

  1. Go to 'Node Info', scroll down the page, and select 'Transitive Object Control' under OUTBOUND OBJECT CONTROL.

If we are lucky, there is a good path to analyze. In my case, the graph shows one line to the Domain icon with the GenericAll privilege.

Let's analyze the path further by selecting the Account Operators group and then selecting 'Transitive Object Control' under OUTBOUND OBJECT CONTROL.

The resulting diagram is a bit messy to look at, but it shows which paths are available for exploitation and abuse.
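What 'Transitive Object Control' works out, as an added example that is not part of the original page or BloodHound's own code: a breadth-first walk over group-membership and ACL edges, run over a constructed edge list to list every principal whose control chain ends at the domain object so those ACEs can be reviewed. The node names and the `CONTROL_EDGES` set are assumptions made for illustration.

```python
from collections import deque

# Edge types treated as object control here (assumed set for this example).
CONTROL_EDGES = {"MemberOf", "GenericAll", "GenericWrite", "WriteDacl",
                 "WriteOwner", "Owns", "AddMember", "ForceChangePassword"}

# Constructed sample edges (source, edge type, target); not real data.
SAMPLE_EDGES = [
    ("ALICE@CORP.LOCAL", "MemberOf", "ACCOUNT OPERATORS@CORP.LOCAL"),
    ("ACCOUNT OPERATORS@CORP.LOCAL", "GenericAll", "HELPDESK@CORP.LOCAL"),
    ("HELPDESK@CORP.LOCAL", "GenericWrite", "SVC-BACKUP@CORP.LOCAL"),
    ("SVC-BACKUP@CORP.LOCAL", "WriteDacl", "CORP.LOCAL"),
    ("ALICE@CORP.LOCAL", "HasSession", "WS01.CORP.LOCAL"),  # not a control edge
    ("BOB@CORP.LOCAL", "MemberOf", "DOMAIN USERS@CORP.LOCAL"),
]

def transitive_control(edges, start):
    """Map each object reachable from start over control edges to its shortest
    chain of (source, edge type, target) hops."""
    adj = {}
    for src, kind, dst in edges:
        if kind in CONTROL_EDGES:
            adj.setdefault(src, []).append((kind, dst))
    paths, queue = {start: []}, deque([start])
    while queue:
        node = queue.popleft()
        for kind, dst in adj.get(node, []):
            if dst not in paths:  # first BFS visit is shortest; also breaks cycles
                paths[dst] = paths[node] + [(node, kind, dst)]
                queue.append(dst)
    del paths[start]
    return paths

def principals_reaching(edges, target):
    """Audit view: every principal whose control chain ends at target."""
    sources = {src for src, _, _ in edges}
    return sorted(s for s in sources if target in transitive_control(edges, s))

if __name__ == "__main__":
    for who in principals_reaching(SAMPLE_EDGES, "CORP.LOCAL"):
        chain = transitive_control(SAMPLE_EDGES, who)["CORP.LOCAL"]
        print(who, "->", " -> ".join(f"[{k}] {d}" for _, k, d in chain))
```

Each printed chain names the group membership or ACE at every hop, which is the entry to remove or tighten to break that path.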
