Eighteen - HackTheBox Writeup

Difficulty: Medium
Operating System: Windows

Executive Summary

Eighteen is a Windows Active Directory machine that combines database misconfigurations, password reuse, and modern Active Directory abuse techniques to achieve full domain compromise. The attack begins with access to a Microsoft SQL Server instance, progresses through credential recovery and password reuse, and ultimately leverages the BadSuccessor technique to abuse delegated Managed Service Accounts (dMSA), resulting in Domain Administrator privileges.

Attack Path

MSSQL Access (kevin) → Login Impersonation (appdev) → Financial Planner Database → PBKDF2 Credential Recovery → Password Reuse → WinRM Access (adam.scott) → BadSuccessor (dMSA Abuse) → Kerberos Impersonation → DCSync → Domain Administrator

Reconnaissance

Service Enumeration

Initial enumeration revealed a limited attack surface: ...

January 14, 2026