Gmsa

  • Published on
    This was an Active Directory Windows machine. It started with finding credentials in an image on the website, then dumping domain information over LDAP to find a kerberoastable user, then enumerating more shares with cme and finding which accounts were active in order to get a foothold. For root, we ran pfx2john and found a GMSA exploit in PowerShell to reset a higher-privileged user's password so we could authenticate with our new credentials.