buf="\x6a\x0a\x5e\x31\xdb Cyber Security Rants, w00t!"
Monday, January 1, 2018
Windows Credential Attack - Part 3
In part 1 and 2, I wrote about passing the hash (PTH) and passing the ticket (PTT). This time, I will demonstrate how an attacker can still reuse a golden ticket even if you set up a second DC (Domain Controller). It is common for admins to have more than one DC as a backup: in the event the primary is compromised, the BDC (Backup DC) is promoted to PDC. The assumption is that this will remove the golden ticket. Unfortunately, that assumption is not right, since the BDC automatically syncs the AD objects and KDC from the PDC. In effect, the BDC inherits the KRBTGT from the primary; thus, the golden ticket is transferred over. The video demo below illustrates how this happens seamlessly when a BDC is promoted to PDC. We execute mimikatz on the BDC, dump the LM hashes, and reuse the KRBTGT ticket to gain psexec rights on another client PC that is authenticated to the same domain controller.
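A defender can confirm the replication described above by asking each domain controller for its own copy of the krbtgt account. The script below is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module (RSAT) is installed and that it runs under an account with read access to the domain.

```powershell
# Added example (not from the original post).
# Assumption: ActiveDirectory module (RSAT) is available on this host.
Import-Module ActiveDirectory

# Query every writable DC directly, so each row reflects that DC's own replica.
$dcs = Get-ADDomainController -Filter * | Where-Object { -not $_.IsReadOnly }

$rows = foreach ($dc in $dcs) {
    $krbtgt = Get-ADUser -Identity krbtgt -Server $dc.HostName `
                -Properties PasswordLastSet, 'msDS-KeyVersionNumber'
    [pscustomobject]@{
        DC              = $dc.HostName
        HoldsPdcRole    = $dc.OperationMasterRoles -contains 'PDCEmulator'
        KrbtgtKeyVer    = $krbtgt.'msDS-KeyVersionNumber'
        PasswordLastSet = $krbtgt.PasswordLastSet
    }
}

$rows | Format-Table -AutoSize

# A single key version across all DCs means they share one krbtgt secret:
# whichever DC holds the PDC role, a ticket signed with that key is accepted.
$versions = @($rows | Select-Object -ExpandProperty KrbtgtKeyVer | Sort-Object -Unique)
if ($versions.Count -eq 1) {
    Write-Output "All $(@($rows).Count) DC(s) hold krbtgt key version $($versions[0])."
} else {
    Write-Warning "krbtgt key versions differ ($($versions -join ', ')); check replication."
}

# The key's age is the window during which a ticket forged from it stays usable.
$oldest = $rows | Sort-Object PasswordLastSet | Select-Object -First 1
$ageDays = (New-TimeSpan -Start $oldest.PasswordLastSet -End (Get-Date)).Days
Write-Output "krbtgt password last set $ageDays day(s) ago (as seen by $($oldest.DC))."
```

If `PasswordLastSet` predates a known compromise, promoting another DC has not changed the key; the rows will show the same key version before and after the role move.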