ActiveDirectory

No Hash, No Password, No Problem: Owning Active Directory via MSSQL and RBCD

No Hash, No Password, No Problem: Owning Active Directory via MSSQL and RBCD

In an internal assessment, I gained access to a linked MSSQL server running with domain administrator privileges. The initial access vector involved exploiting an arbitrary file read vulnerability on a Windows server, which allowed reading of configuration files, one of which contained MSSQL credentials. This blog post will detail the steps, obstacles, and unexpected turns encountered while testing and understanding privilege escalation paths in the environment.

Read More