Exploiting Microsoft Windows Active Directory Certificate Service | CVE-2022-26923
Вставка
- Опубліковано 11 тра 2022
- In this video walk-through, we covered the recent vulnerability CVE-2022-26923 that affected Microsoft Windows Active Directory Certificate Service which allowed for local privilege escalation.
**********
Receive Cyber Security Field Notes and Special Training Videos
/ @motasemhamdan
*******
Challenge Answers
motasem-notes.net/exploiting-...
************
Patreon
www.patreon.com/motasemhamdan...
Backup channel
/ @hacknotesbackup
My Movie channel:
/ @motasemhamdanhacknotes
******
Thank you for this vulnerability breakdown and for even going through how ADCS works, very helpful. Liked and subbed
great video as usual how can i know ADCS hostname if i fully black box or i can just use DC hostname
nice
Great breakdown ! Subbed
Cool
Great video!
It gives me a better understanding of AD and vulnerabilities.
I have one question.
What software is used in the video when you explain with diagrams?
I ask because I think it is a good software that can explain things clearly.
Thanks. Software name is OpenBoard.
@@MotasemHamdan Thank you👍
Please tell me, will I be able to exploit the invulnerability of CVE-2022-26923 with Certify.exe instead of certipy?
0:07 doesn't make sense? Why?
Hello, i have an issue when i tried to request a TGT. I have this error: Kerberos SessionError: KDC_ERR_PADATA_TYPE_NOSUPP. And Can you explain please, why you have a ssh connection into the domain controller? Thank you,
My bad i forgot to request a certificate for the KDC that's why i got this error. But other thant that, can you explain please why you have ssh connexion to the domain controller? I thought the thm user has a low privileges.
will this CVE-2022-26923
is applicable for Azure AD or on-prem or both?
Both.
@@MotasemHamdan thanks
When i got NTLM hash for the machine account. Can i "pass the hash" on NTLM hash ?
You can try :)
@@MotasemHamdan I send my issue to your mail. Please review on it.
I struggled today to pass it. Did you get it working? I wasn't sure what user the hash was for either. I think lunadc$...
Hi my friend I have 2 questions first you logged on the Lunar machine using ssh thm@ip & using password:Password1@ ????
second I keep getting this error when using Certipy failed to resolve lundc.lunar.eruca , is there something I'm missing my friend & thanks for all your efforts.
problem solved I didn't configure the DNS in the script at /etc/hosts thanks anyway for your efforts :) ;)