RBCD

No Hash, No Password, No Problem: Owning Active Directory via MSSQL and RBCD

No Hash, No Password, No Problem: Owning Active Directory via MSSQL and RBCD

In an internal assessment, I gained access to a linked MSSQL server running with domain administrator privileges. The initial access vector involved exploiting an arbitrary file read vulnerability on a Windows server, which allowed reading of configuration files, one of which contained MSSQL credentials.

Read More