WebClient Abuse with Shadow Credentials

  • Published 22 Jun 2024
  • Sorry I said "um" almost a million times in this recording. Not used to moving so many things from one screen to another and narrating at the same time. I'll work on it :)
    This is a demonstration of abusing the WebClient service resulting in shadow credentials being created for a machine account, and eventually the compromise of the machine. The cool thing here is that as long as the machine is running the WebClient service, all we need to escalate privileges on this computer is any domain account. Credit to @alh4zr3d3 for the idea and much of the tradecraft here: x.com/Alh4zr3d/status/1767211....
    Toolset:
    netexec (apt)
    python3-impacket (apt)
    krbrelayx (github.com/dirkjanm/krbrelayx)
    PKINITtools (github.com/dirkjanm/PKINITtools)
    Prerequisites for shadow credentials, according to HackTricks:
    book.hacktricks.xyz/windows-h...
