DCSync Lab Setup

DCSync is a well-known technique that allows an attacker to extract password hashes from a domain controller by simulating the behaviour of domain replication, that is, by impersonating a domain controller.

Usually, only domain controllers, domain administrators, and enterprise administrators have the privileges required to perform DCSync.

Perform DCSync Attack

⇒ To perform a DCSync attack, a user needs the following permissions:

  1. The “DS-Replication-Get-Changes” extended right

    • CN: DS-Replication-Get-Changes
    • GUID: 1131f6aa-9c07-11d1-f79f-00c04fc2dcd2
  2. The “Replicating Directory Changes All” extended right

    • CN: DS-Replication-Get-Changes-All
    • GUID: 1131f6ad-9c07-11d1-f79f-00c04fc2dcd2
  3. The “Replicating Directory Changes In Filtered Set” extended right (this one isn’t always needed but we can add it just in case)

    • CN: DS-Replication-Get-Changes-In-Filtered-Set
    • GUID: 89e95b76-444d-4c62-991a-0facbeda640c

  • Open Active Directory Users and Computers > View > click Advanced Features (reopen the application)

  • Right-click our domain object crt.local > click Properties

  • Go to the Security tab > click Add

  • Enter the name of one of our domain users (I have used the tony stark user account) and click OK

  • Select the user account we just added, scroll down until you see these three permissions, and set each of them to Allow

  • Click OK and Apply

So our lab is now ready to perform the DCSync attack.
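
To confirm the delegation took effect, or to audit any domain for accounts that hold these rights, the ACL on the domain root can be filtered on the three GUIDs listed above. This is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module on a domain-joined session, and the variable names are illustrative.

```powershell
# Added example: list every principal that holds a replication extended right
# on the domain root object. Read-only; changes nothing in the directory.
Import-Module ActiveDirectory   # also creates the AD: drive used by Get-Acl

# Extended-right GUIDs taken from the list in this post
$replicationRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes-All'
    '89e95b76-444d-4c62-991a-0facbeda640c' = 'DS-Replication-Get-Changes-In-Filtered-Set'
}
$extendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

# Resolve the domain root DN (DC=crt,DC=local in this lab) and read its ACL
$domainDn = (Get-ADDomain).DistinguishedName
$acl      = Get-Acl -Path "AD:\$domainDn"

$acl.Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band $extendedRight) -and
        (
            # An explicit replication right ...
            $replicationRights.ContainsKey($_.ObjectType.ToString()) -or
            # ... or an ACE with no object type, which covers all extended rights
            # (GenericAll / full control on the domain lands here too)
            $_.ObjectType -eq [Guid]::Empty
        )
    } |
    ForEach-Object {
        $right = if ($_.ObjectType -eq [Guid]::Empty) {
            '(all extended rights)'
        } else {
            $replicationRights[$_.ObjectType.ToString()]
        }
        [pscustomobject]@{
            Principal = $_.IdentityReference
            Right     = $right
            Inherited = $_.IsInherited
        }
    } |
    Sort-Object Principal, Right |
    Format-Table -AutoSize
```

In the lab, the user account added above should appear once for each of the three rights. On a production domain, an ordinary user or service account in this output is worth investigating.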

This post is licensed under CC BY 4.0 by the author.