Spoiler Removed
I appreciate your work on this. I will definitely look at it later.
Thanks for the script, will check it out
FYI technically that backup privilege isn’t an “AD privilege”. Its just a local machine priv that exists on all non domain machines as well, like every other privilege shown here: Privilege Constants (Winnt.h) - Win32 apps | Microsoft Learn
But yeah if you have that priv on a machine that happens to be an AD domain controller then you can abuse it to grab files that relate to AD like NTDIS.DIT.
Type your comment> @VbScrub said:
Thanks for the script, will check it out
FYI technically that backup privilege isn’t an “AD privilege”. Its just a local machine priv that exists on all non domain machines as well, like every other privilege shown here: Privilege Constants (Winnt.h) - Win32 apps | Microsoft Learn
But yeah if you have that priv on a machine that happens to be an AD domain controller then you can abuse it to grab files that relate to AD like NTDIS.DIT.
That was quite enlightening. Thank you!
I think I said so because the said box was AD. But it appears to be a general Windows exploit.