Added renameMachine.py

Open ShutdownRepo opened this issue 3 years ago • 0 comments

Preparing a Pull Request that introduces scripts for exploiting the Kerberos sAMAccountName spoofing attacks (CVE-2021-42278 + CVE-2021-42287).

This attack chain allows regular users to spoof domain controllers. The requirements for this attack are an unpatched KDC and full control over a machine account (to be able to edit its sAMAccountName and servicePrincipalName attributes). Full control over a machine account can be gained by creating it in the first place (e.g. by leveraging the MachineAccountQuota domain-level attribute if it's greater than 0).

References

  • https://exploit.ph/cve-2021-42287-cve-2021-42278-weaponisation.html
  • https://www.thehacker.recipes/ad/movement/kerberos/samaccountname-spoofing

ShutdownRepo · Dec 10 '21 21:12
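Added example, not part of the original issue or of impacket: a detection sketch for the sAMAccountName edit the issue describes, run over Windows Security event 4781 ("The name of an account was changed") records. It assumes the events have been exported as JSON lines and that the spoofing shows up as a machine account losing its trailing `$` or taking a domain controller's name; the sample records and the `DOMAIN_CONTROLLERS` inventory are constructed.

```python
import json

# Constructed sample records (not real logs): simplified JSON renderings of
# Windows Security event 4781 ("The name of an account was changed").
SAMPLE_EVENTS = [
    '{"EventID": 4781, "OldTargetUserName": "WS01$", "NewTargetUserName": "WS02$", "SubjectUserName": "helpdesk"}',
    '{"EventID": 4781, "OldTargetUserName": "TESTPC$", "NewTargetUserName": "DC01", "SubjectUserName": "jdoe"}',
    '{"EventID": 4781, "OldTargetUserName": "alice", "NewTargetUserName": "alice.b", "SubjectUserName": "admin"}',
    '{"EventID": 4781, "OldTargetUserName": "LAB7$", "NewTargetUserName": "LAB7", "SubjectUserName": "jdoe"}',
    '{"EventID": 4624, "TargetUserName": "jdoe"}',
]

# Hypothetical inventory of domain controller sAMAccountName values.
DOMAIN_CONTROLLERS = {"DC01$", "DC02$"}


def classify_rename(event, dc_names=DOMAIN_CONTROLLERS):
    """Return None, 'machine-lost-dollar' or 'dc-name-collision' for one event."""
    if not isinstance(event, dict) or event.get("EventID") != 4781:
        return None
    old = event.get("OldTargetUserName") or ""
    new = event.get("NewTargetUserName") or ""
    if not old.endswith("$") or not new or new.endswith("$"):
        return None  # not a machine account, or still a normal machine name
    # sAMAccountName comparison is case-insensitive
    dc_bases = {name.rstrip("$").lower() for name in dc_names}
    if new.lower() in dc_bases:
        return "dc-name-collision"
    return "machine-lost-dollar"


def scan(lines, dc_names=DOMAIN_CONTROLLERS):
    """Parse JSON lines and return (verdict, old, new, actor) for each hit."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the scan
        verdict = classify_rename(event, dc_names)
        if verdict:
            hits.append((verdict, event["OldTargetUserName"],
                         event["NewTargetUserName"], event.get("SubjectUserName")))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```
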