

The MS14-068 vulnerability, published by Microsoft on 18 November 2014, allows anyone with a valid domain user account to obtain administrator privileges by creating a forged PAC, containing administrator account membership, inside a TGS_REQ sent to the KDC. The PAC is signed with the KDC key (which only the AD knows) and with the service key shared between the AD and the service to which the user wants to authenticate.
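The double signature described above, as a simplified model added here (it is not code from the original article or from Windows): HMAC-SHA256 and a JSON encoding stand in for the real PAC checksum types and layout, and the keys, user name and function names are constructed for the illustration. It shows that a PAC whose group membership is edited without either key fails verification.

```python
import hashlib
import hmac
import json

# Constructed keys for the model; in a real domain these would be the KDC
# key and the key of the target service account.
KDC_KEY = b"constructed-kdc-key"
SERVICE_KEY = b"constructed-service-key"

def _mac(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 is a stand-in for the keyed checksum types a real PAC uses.
    return hmac.new(key, data, hashlib.sha256).digest()

def _encode(authz: dict) -> bytes:
    # Canonical encoding so the same authorization data gives the same bytes.
    return json.dumps(authz, sort_keys=True).encode()

def issue_pac(authz: dict, service_key: bytes, kdc_key: bytes) -> dict:
    """KDC side: sign the authorization data with both keys."""
    server_sig = _mac(service_key, _encode(authz))
    # The KDC signature covers the server signature, chaining the two.
    kdc_sig = _mac(kdc_key, server_sig)
    return {"authz": authz, "server_sig": server_sig, "kdc_sig": kdc_sig}

def service_accepts(pac: dict, service_key: bytes) -> bool:
    """Service side: it holds only its own key, so it checks server_sig."""
    expected = _mac(service_key, _encode(pac["authz"]))
    return hmac.compare_digest(expected, pac["server_sig"])

def kdc_accepts(pac: dict, service_key: bytes, kdc_key: bytes) -> bool:
    """KDC side: it holds both keys, so it checks the whole chain."""
    if not service_accepts(pac, service_key):
        return False
    return hmac.compare_digest(_mac(kdc_key, pac["server_sig"]), pac["kdc_sig"])

def tamper_groups(pac: dict, groups: list) -> dict:
    """Model a holder of the PAC who edits group membership with neither key."""
    return dict(pac, authz=dict(pac["authz"], groups=groups))

if __name__ == "__main__":
    pac = issue_pac({"user": "jdoe", "groups": ["Domain Users"]}, SERVICE_KEY, KDC_KEY)
    edited = tamper_groups(pac, ["Domain Users", "Domain Admins"])
    print("genuine accepted:", kdc_accepts(pac, SERVICE_KEY, KDC_KEY))
    print("edited accepted: ", kdc_accepts(edited, SERVICE_KEY, KDC_KEY))
```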

The PAC is provided by the DC in the authorization data field of the service ticket. This PAC contains authorization data provided by domain controllers (DCs). The Active Directory stores the authorization data in a field of the ticket called the PAC (Privilege Account Certificate).

Before describing step 2, let's start by explaining what the MS14-068 bug consists of.

These are the systems used in my laboratory:

The picture below shows the scenario involved in the article.

The goal is to get a Kerberos ticket for the Administrator user knowing only the password of a domain user: wonderful.
The goal is to raise system administrators' awareness of the risk of not patching their systems: patching is the only way to defend against this attack. This article shows how it is possible to exploit an Active Directory system through a simple phishing campaign. For this purpose I will use the Metasploit framework: you must know the password of a domain user (there are different ways to steal the password, but that is out of scope) and have an Active Directory with the MS14-068 vulnerability.
