To exploit BadSuccessor there are only two requirements:
- At least one DC is server 2025
- Access to a user with at least "create child all" privileges over an OU
The same user that has the abuse privileges over the OU and creates the DMSA can also be assigned retrieve the pass.
- At least one DC is server 2025
- Access to a user with at least "create child all" privileges over an OU
The same user that has the abuse privileges over the OU and creates the DMSA can also be assigned retrieve the pass.
May 22, 2025 at 11:41 AM
To exploit BadSuccessor there are only two requirements:
- At least one DC is server 2025
- Access to a user with at least "create child all" privileges over an OU
The same user that has the abuse privileges over the OU and creates the DMSA can also be assigned retrieve the pass.
- At least one DC is server 2025
- Access to a user with at least "create child all" privileges over an OU
The same user that has the abuse privileges over the OU and creates the DMSA can also be assigned retrieve the pass.