Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:
- If you want to see your company advertised in HackTricks or download HackTricks in PDF Check the SUBSCRIPTION PLANS!
- Get the official PEASS & HackTricks swag
- Discover The PEASS Family, our collection of exclusive NFTs
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
In order to synchronize a new user from AzureAD to the on-prem AD these are the requirements:
- The AzureAD user needs to have a proxy address (a mailbox)
- License is not required
- Should not be already synced
{% code overflow="wrap" %}
```powershell
# Look up the AzureAD user and check the three conditions above:
# LastDirSyncTime (empty = never synced) and ProxyAddresses (must contain an SMTP address)
Get-MsolUser -SearchString admintest | Select-Object DisplayName, LastDirSyncTime, ProxyAddresses, LastPasswordChangeTimestamp | Format-List
```
{% endcode %}
When a user like this is found in AzureAD, in order to take it over from the on-prem AD you just need to create a new on-prem account whose proxyAddress is that same SMTP email.
This new on-prem account will then be automatically matched and synced with the AzureAD user.
{% hint style="danger" %}
Notice that to perform this attack you don't need Domain Admin, you just need permissions to create new users.
Also, this won't bypass MFA.
Moreover, this was reported, and account sync is no longer possible for admin accounts.
{% endhint %}
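The following audit script is an added defender-side example and is not part of the original page or of any vendor tooling. It assumes the MSOnline module (with `Connect-MsolService` already run) and the ActiveDirectory RSAT module are available with read rights on on-prem user objects; the function and property names are the example's own. It enumerates cloud-only AzureAD users that meet the preconditions listed above (never directory-synced, carrying a proxy address) and flags any on-prem account whose `proxyAddresses` already contains one of those SMTP addresses, which is exactly the collision the next sync cycle would act on.

```powershell
# Added defender-side audit; not part of the original HackTricks page.
# Assumes: MSOnline module (Connect-MsolService done) and ActiveDirectory module loaded.

function Get-CloudOnlyUsersWithProxyAddress {
    # Cloud-only users that satisfy the sync preconditions: never dir-synced and
    # at least one proxy address present.
    Get-MsolUser -All | Where-Object {
        (-not $_.LastDirSyncTime) -and ($_.ProxyAddresses.Count -gt 0)
    }
}

function Get-ProxyAddressCollisions {
    param(
        # Window used to flag freshly created on-prem accounts, which are the concern here
        [int]$CreatedWithinDays = 30
    )
    $since = (Get-Date).AddDays(-$CreatedWithinDays)

    foreach ($cloudUser in Get-CloudOnlyUsersWithProxyAddress) {
        # Normalise "SMTP:user@domain" / "smtp:user@domain" to the bare lower-case address
        $addresses = $cloudUser.ProxyAddresses |
            Where-Object { $_ -match '^smtp:' } |
            ForEach-Object { ($_ -replace '^smtp:', '').ToLowerInvariant() } |
            Sort-Object -Unique

        foreach ($addr in $addresses) {
            # Any on-prem user already carrying this address would be matched on the next sync
            $adMatches = Get-ADUser -Filter "proxyAddresses -like '*:$addr'" `
                                    -Properties proxyAddresses, whenCreated

            foreach ($adUser in $adMatches) {
                [PSCustomObject]@{
                    CloudUser       = $cloudUser.UserPrincipalName
                    SmtpAddress     = $addr
                    OnPremSam       = $adUser.SamAccountName
                    OnPremDN        = $adUser.DistinguishedName
                    OnPremCreated   = $adUser.whenCreated
                    RecentlyCreated = ($adUser.whenCreated -ge $since)
                }
            }
        }
    }
}

# Typical usage: show only recently created on-prem accounts colliding with cloud-only users
Get-ProxyAddressCollisions -CreatedWithinDays 30 |
    Where-Object RecentlyCreated |
    Format-Table CloudUser, SmtpAddress, OnPremSam, OnPremCreated -AutoSize
```

Run it on a schedule from a host that can reach both directories and alert on any row where `RecentlyCreated` is true; an on-prem account that appears with a cloud-only user's SMTP address before that user was ever synced is the signal to investigate. The first function on its own is also useful as an exposure inventory: every account it returns is one that a new on-prem object could be matched against, so those are the ones to review or to exclude from matching.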