Great video! It gives me a better understanding of AD and vulnerabilities. I have one question. What software is used in the video when you explain with diagrams? I ask because I think it is a good software that can explain things clearly.
Hello, i have an issue when i tried to request a TGT. I have this error: Kerberos SessionError: KDC_ERR_PADATA_TYPE_NOSUPP. And Can you explain please, why you have a ssh connection into the domain controller? Thank you,
My bad i forgot to request a certificate for the KDC that's why i got this error. But other thant that, can you explain please why you have ssh connexion to the domain controller? I thought the thm user has a low privileges.
Hi my friend I have 2 questions first you logged on the Lunar machine using ssh thm@ip & using password:Password1@ ???? second I keep getting this error when using Certipy failed to resolve lundc.lunar.eruca , is there something I'm missing my friend & thanks for all your efforts.
Thank you for this vulnerability breakdown and for even going through how ADCS works, very helpful. Liked and subbed
great video as usual how can i know ADCS hostname if i fully black box or i can just use DC hostname
0:07 doesn't make sense? Why?
Great breakdown ! Subbed
Please tell me, will I be able to exploit the invulnerability of CVE-2022-26923 with Certify.exe instead of certipy?
Great video!
It gives me a better understanding of AD and vulnerabilities.
I have one question.
What software is used in the video when you explain with diagrams?
I ask because I think it is a good software that can explain things clearly.
Thanks. Software name is OpenBoard.
@@MotasemHamdan Thank you👍
Cool
Hello, i have an issue when i tried to request a TGT. I have this error: Kerberos SessionError: KDC_ERR_PADATA_TYPE_NOSUPP. And Can you explain please, why you have a ssh connection into the domain controller? Thank you,
My bad i forgot to request a certificate for the KDC that's why i got this error. But other thant that, can you explain please why you have ssh connexion to the domain controller? I thought the thm user has a low privileges.
When i got NTLM hash for the machine account. Can i "pass the hash" on NTLM hash ?
You can try :)
@@MotasemHamdan I send my issue to your mail. Please review on it.
I struggled today to pass it. Did you get it working? I wasn't sure what user the hash was for either. I think lunadc$...
nice
will this CVE-2022-26923
is applicable for Azure AD or on-prem or both?
Both.
@@MotasemHamdan thanks
Hi my friend I have 2 questions first you logged on the Lunar machine using ssh thm@ip & using password:Password1@ ????
second I keep getting this error when using Certipy failed to resolve lundc.lunar.eruca , is there something I'm missing my friend & thanks for all your efforts.
problem solved I didn't configure the DNS in the script at /etc/hosts thanks anyway for your efforts :) ;)