zBang icon indicating copy to clipboard operation
zBang copied to clipboard

Published 20 hours ago verified publisher icon cyberark

Sekeleton Key Scan in upgraded environments

Open bluecurby opened this issue 6 years ago • 1 comments

Hi, at first awesome tool. I encountered an issue with the skeleton key scan. In an upgraded domain (e.g. from 2003 to 2008) it can happen that systems didn't logged in since the upgrade, hence they don't support Encryption-Type 0x12 (AES-256). As your scan picks an arbitrary system it can lead to false-positives. A solution could be to check if the system has a lastlogontimestamp < 14 days.

Cheers

bluecurby avatar Jan 06 '19 11:01 bluecurby

Thank you @bluecurby for the good feedback and the reported issue. zBang focuses on scanning modern network with domain level 2008/2012/2016+. Your scenario is indeed interesting, and it bypasses an existing filter that we have implemented in the code on searching only updated domain levels. We assume this scenario is specific and not so popular, nevertheless we are planning to address this issue in a future zBang version.

Hechtov avatar Jan 28 '19 13:01 Hechtov