Skip to content

Commit d0e78b3

Browse files
passtheticketpasstheticket
authored
Update README.md
1 parent 0be4476 commit d0e78b3

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
# Abusing Laps Toolkit
22

33
## Introduction
4-
If the ```ms-DS-Machine-Account-Quota``` attribute value is default and there is no delegation about domain join permissions to add computer to Active Directory , a domain user can add computer account to domain using the ```ms-ds-machine-account-quota``` attribute . So that domain user reads password (```ms-mcs-admpwd```) of local administrator user and uses the password for persistence. For example, user can edit registry settings or add own account to local administrators group after GPO which removes undefined users from local administrators group.
4+
If the ```ms-DS-Machine-Account-Quota``` attribute value is default, there is no delegation about domain join permissions to add computer to Active Directory , a domain user can add computer account to domain using the ```ms-ds-machine-account-quota``` attribute . So that domain user reads password (```ms-mcs-admpwd```) of local administrator user and uses the password for persistence. For example, user can edit registry settings or add own account to local administrators group after GPO which removes undefined users from local administrators group.
55

66
1. Add computer account to Active Directory:
77
* ``PS C:\> Add-ComputerToDomainWithUserRights``

0 commit comments

Comments
 (0)