pyrdp
Try with ADCS relay attacks generated certs
Read this: https://www.exandroid.dev/2021/06/23/ad-cs-relay-attack-practical-guide/
Can we use ADCS relay attacks to grab certificates that would be valid for RDP? This would enable greater reach in NLA-enabled environments.
Took a look at the article and code they implemented. If I got the idea right, it is to relay the auth to an ADCS via PyRDP as they are doing here? It will still need more elements for the whole attack to be successful (in the how-to they are using dementor to abuse the printer spool bug).