CheeseOunce

Notice:

The MS-EVEN runing under the NT AUTHORITY\LOCAL SERVICE account, and this account can't provide valid credentials during network authentication so, in the NTLMRelay attacking, it can't work, like this (Sorry,I didn't test it fully, before push it):

This Simple POC make windows machines auth to another via MS-EVEN.

Use ElfrOpenBELW could make us did it.

Besides the C-based POC, an impacket-based python version is also available as cheese.py.

reference

https://github.com/topotam/PetitPotam

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-even/4db1601c-7bc2-4d5c-8375-c58a6f8fc7e1