Exchange Vulnerability: How to Detect Privilege Escalation to Domain Administrator

A vulnerability in Exchange discovered this year allows any domain user to obtain domain administrator rights and compromise Active Directory (AD) and other connected hosts. Today we will explain how this attack works and how to detect it.


Here is how the attack works:

  1. The attacker takes over the account of any domain user with an active mailbox in order to subscribe to the push notification feature in Exchange.
  2. The attacker uses NTLM relay to deceive the Exchange server: as a result, the Exchange server connects to the compromised user's computer using NTLM authentication over HTTP, and the attacker then uses that connection to authenticate to the domain controller over LDAP with the credentials of the Exchange account.
  3. Finally, the attacker uses these Exchange account credentials to escalate their own privileges. This last step can also be carried out by a hostile administrator who already has legitimate access and can make the required permission change. By creating a rule that detects this activity, you will be protected against this and similar attacks.

After that, the attacker can, for example, use DCSync to obtain the hashed passwords of all users in the domain. This allows them to carry out various kinds of attacks, from golden ticket attacks to pass-the-hash.

The Varonis research team has studied this attack vector in detail and prepared a guide so that our customers can detect it and, at the same time, check whether they have already been compromised.

Detecting Domain Privilege Escalation

In DatAlert, create a custom rule to track changes to specific permissions on an object. It will trigger when rights and permissions are added to the object you are interested in within the domain:

  1. Specify the rule name
  2. Set the category to "Elevation of Privilege"
  3. Set the resource type to "All resource types"
  4. File server = Directory Services
  5. Specify the domain you are interested in, for example, by name
  6. Add a filter for the addition of permissions on an AD object
  7. And do not forget to leave the "Search in child objects" option unchecked.
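The same check expressed outside DatAlert, as an added example that is not Varonis's code or part of the original article: it compares the old and new security descriptor of the domain object itself and reports every added ACE, naming the replication rights that DCSync depends on. The record fields are modelled on Windows Security event 5136 and are an assumption here; the domain, SIDs and account names are constructed.

```python
import re

# AD extended-right GUIDs that grant directory replication (what DCSync relies on).
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
}

def parse_aces(sddl):
    """Return the ACEs of an SDDL string as a set of 6-field tuples."""
    return {tuple(a.split(";")) for a in re.findall(r"\(([^()]*)\)", sddl)
            if a.count(";") == 5}

def detect_added_permissions(events, domain_dn):
    """Return one finding per ACE added to the domain object itself."""
    before, findings = {}, []
    for ev in events:
        # Exact DN match only, like leaving "Search in child objects" unchecked.
        if (ev["ObjectDN"].lower() != domain_dn.lower()
                or ev["AttributeLDAPDisplayName"] != "nTSecurityDescriptor"):
            continue
        key = ev["OpCorrelationID"]
        if ev["OperationType"] == "Value Deleted":    # old descriptor
            before[key] = parse_aces(ev["AttributeValue"])
        elif ev["OperationType"] == "Value Added":    # new descriptor
            # With no recorded old value, every ACE is reported (conservative).
            added = parse_aces(ev["AttributeValue"]) - before.pop(key, set())
            for ace in sorted(added):
                findings.append({"actor": ev["SubjectUserName"], "trustee": ace[5],
                                 "rights": ace[2], "replication_right":
                                 REPLICATION_RIGHTS.get(ace[3].lower())})
    return findings

def _ev(dn, op, value, actor="EXCH01$", cid="op-1"):
    """Build one constructed record (field names are an assumption)."""
    return {"ObjectDN": dn, "AttributeLDAPDisplayName": "nTSecurityDescriptor",
            "OperationType": op, "AttributeValue": value,
            "SubjectUserName": actor, "OpCorrelationID": cid}

# Constructed sample data: domain name, SIDs and account names are invented.
DOMAIN = "DC=corp,DC=example"
OLD = "D:AI(A;;GA;;;DA)(A;CI;WD;;;S-1-5-21-1-2-3-1121)"
NEW = OLD + "".join(f"(OA;;CR;{g};;S-1-5-21-1-2-3-1604)" for g in REPLICATION_RIGHTS)
SAMPLE = [_ev(DOMAIN, "Value Deleted", OLD), _ev(DOMAIN, "Value Added", NEW),
          _ev("OU=Staff," + DOMAIN, "Value Added", NEW, actor="helpdesk", cid="op-2")]

if __name__ == "__main__":
    print(detect_added_permissions(SAMPLE, DOMAIN))
```

The third sample record changes a child OU and is ignored, so only the two ACEs added on the domain object are reported.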


And now the report: detection of changes to the permissions on a domain object

Changes to permissions on an AD object are rare, so anything that triggers this alert should, and must, be investigated. It is also a good idea to review the appearance and content of the report before putting the rule itself into service.

This report will also show whether you have already been compromised by this attack:


Once the rule is in place, you can investigate all other privilege escalation events using the DatAlert web interface:


Once you have configured this rule, you can monitor for and defend against this and similar kinds of security vulnerabilities, investigate events involving AD directory service objects, and determine whether you are exposed to this critical vulnerability.

Source: www.habr.com
