You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The SYSVOL folder on DC's (Domain Controllers) is a domain-wide network share in Active Directory (AD) to which all authenticated users in the domain have by default read access. The directory contains login scripts, group policy data, and other data that may be needed to be available to all users. The assessment team discovered that scripts within this folder contain sensitive information that may aid an attacker in lateral movement and reconnaissance. Within these scripts also contained clear text credentials to other domain resources.
Impact
If an attacker can gain access to the domain environment, they effectively can use these gathered credentials to attempt privilege escalation. These "User" credentials could result in further lateral movement or the ability to gain unauthorized access to different regions within the domain.
Recommendation(s)
The assessment team recommends that scripts used for administration, password changes, authenticated share mounting be removed. Automated password changes and authenticated share mounting should be accomplished with proper AD group delegation. A thorough audit should be conducted domain wide to identify other scripts exposing sensitive data or credentials.