Exchange Vulnerability: How to Detect Privilege Escalation to Domain Administrator

A vulnerability in Exchange discovered this year allows any domain user to obtain domain administrator rights and compromise Active Directory (AD) and other connected hosts. Today we will explain how this attack works and how to detect it.

Here is how the attack works:

  1. The attacker takes over the account of any domain user with an active mailbox in order to subscribe to the push notification feature of Exchange.
  2. The attacker uses NTLM relay to deceive the Exchange server: as a result, the Exchange server connects to the compromised user's computer using NTLM over HTTP, which the attacker then uses to authenticate to the domain controller over LDAP with the Exchange account credentials.
  3. The attacker finally uses these Exchange account credentials to escalate their privileges. This last step can also be performed by a malicious administrator who already has legitimate access to make the required permission change. By creating a rule to detect this activity, you will be protected from this and similar attacks.

After that, the attacker can, for example, run DCSync to obtain the hashed passwords of all users in the domain. This allows them to carry out various types of attacks, from golden ticket attacks to pass-the-hash.

The Varonis research team studied this attack vector in detail and prepared a guide for our customers to detect it and, at the same time, check whether they have already been compromised.

Domain Privilege Escalation Detection

In DatAlert, create a custom rule to track changes to specific permissions on an object. It will be triggered when rights and permissions are added to an object of interest in the domain:

  1. Specify a rule name
  2. Set the category to "Elevation of Privilege"
  3. Set the resource type to "All resource types"
  4. File Server = DirectoryServices
  5. Specify the domain you are interested in, for example, by name
  6. Add a filter for adding permissions on an AD object
  7. And don't forget to leave the "Search in child objects" option unchecked.
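
The same check can be expressed outside DatAlert. The following is an added example, not Varonis code and not part of the original article: it pairs the old and new `nTSecurityDescriptor` values from Windows Security event 5136 (directory service object modified), reports allow ACEs newly added on the watched object only (no child objects), and marks the ones that grant the replication rights DCSync depends on. It assumes the events are already parsed into dictionaries keyed by the 5136 field names; the host name, DN, SID and correlation IDs are constructed sample values.

```python
import re
from collections import defaultdict

# Extended-right GUIDs that together permit directory replication (what DCSync needs).
REPL_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
}
ADDED, DELETED = "%%14674", "%%14675"  # event 5136 OperationType: value added / deleted

def dacl_aces(sddl):
    """Return the ACEs in the DACL part of an SDDL string as a set of field tuples."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    return {tuple(a.split(";")) for a in re.findall(r"\(([^)]*)\)", m.group(1))} if m else set()

def find_permission_additions(events, watched_dn):
    """Pair old/new nTSecurityDescriptor values per operation; report newly added allow ACEs."""
    ops = defaultdict(lambda: {ADDED: set(), DELETED: set(), "who": None})
    for e in events:
        if (e.get("EventID") == 5136
                and e.get("AttributeLDAPDisplayName") == "nTSecurityDescriptor"
                and e.get("OperationType") in (ADDED, DELETED)
                and e.get("ObjectDN", "").lower() == watched_dn.lower()):  # exact DN, no children
            op = ops[e["OpCorrelationID"]]
            op[e["OperationType"]] |= dacl_aces(e["AttributeValue"])
            op["who"] = e["SubjectUserName"]
    alerts = []
    for op in ops.values():
        for ace in sorted(op[ADDED] - op[DELETED]):
            if len(ace) == 6 and ace[0] in ("A", "OA"):  # allow / object-allow ACEs only
                alerts.append({"by": op["who"], "trustee": ace[5], "rights": ace[2],
                               "replication_right": REPL_RIGHTS.get(ace[3].lower())})
    return alerts

# Constructed sample data (not from a real environment).
DOMAIN, SID = "DC=corp,DC=example", "S-1-5-21-1111111111-2222222222-3333333333-1104"
OLD = "O:DAG:DAD:AI(A;;RP;;;WD)S:AI(AU;SA;WD;;;WD)"
NEW = ("O:DAG:DAD:AI(A;;RP;;;WD)" + "".join(f"(OA;;CR;{g};;{SID})" for g in REPL_RIGHTS)
       + "S:AI(AU;SA;WD;;;WD)")
def ev(dn, op, value, corr="{op-1}"):
    return {"EventID": 5136, "OpCorrelationID": corr, "SubjectUserName": "EXCH01$",
            "ObjectDN": dn, "AttributeLDAPDisplayName": "nTSecurityDescriptor",
            "OperationType": op, "AttributeValue": value}

EVENTS = [ev(DOMAIN, DELETED, OLD), ev(DOMAIN, ADDED, NEW),
          ev("CN=Users," + DOMAIN, ADDED, "D:(A;;GA;;;" + SID + ")", corr="{op-2}")]
if __name__ == "__main__":
    for alert in find_permission_additions(EVENTS, DOMAIN):
        print(alert)
```

Event 5136 is only logged when directory service change auditing is enabled and the watched object carries a matching audit entry.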

And now the report: detecting changes of rights on a domain object

Permission changes on an AD object are rare, so anything that triggers this alert should be investigated. It is also a good idea to test the appearance and content of the report before putting the rule itself into production.

This report will also show whether you have already been compromised by this attack.

Once the rule is in place, you can investigate all other privilege escalation events using the DatAlert web interface.

Once you have configured this rule, you can monitor for and protect against these and similar kinds of security vulnerabilities, investigate events involving AD directory service objects, and determine whether you are exposed to this vulnerability.

Source: www.habr.com
