Certsync - Dump NTDS With Golden Certificates And UnPAC The Hash
June 23, 2023, 12:30 p.m. | noreply@blogger.com (Unknown)
KitPloit - PenTest Tools! www.kitploit.com
certsync is a new technique for dumping NTDS remotely, this time without DRSUAPI: it uses a golden certificate and UnPAC the hash. It works in several steps:
- Dump the user list, CA information and CRL from LDAP
- Dump the CA certificate and private key
- Forge a certificate offline for every user
- UnPAC the hash for every user in order to get the NT and LM hashes
$ certsync -u khal.drogo -p 'horse' -d essos.local -dc-ip 192.168.56.12 -ns 192.168.56.12
[*] …
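A defender's view of the last step, as an added example that is not part of the original post or of the certsync project: authenticating with a forged certificate for every user appears on the domain controller, when Kerberos authentication service auditing is enabled, as certificate-based (PKINIT) TGT requests in event 4768 for many accounts from one source. The flattened record layout, the threshold, the window, the account names and the source addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

PKINIT = "16"  # PreAuthType 16 = PA-PK-AS-REQ, i.e. certificate pre-authentication

def pkinit_bursts(events, min_accounts=5, window=timedelta(minutes=10)):
    """Map source IP -> accounts, for sources that got certificate-based TGTs
    (event 4768) for >= min_accounts distinct accounts inside one window."""
    by_src = defaultdict(list)
    for e in events:
        if e["EventID"] == 4768 and e["PreAuthType"] == PKINIT:
            src = e["IpAddress"].replace("::ffff:", "")  # strip IPv4-mapped prefix
            when = datetime.fromisoformat(e["TimeCreated"])
            by_src[src].append((when, e["TargetUserName"].lower()))
    flagged = {}
    for src, hits in by_src.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide the window forward
                start += 1
            accounts = {name for _, name in hits[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged[src] = sorted(accounts.union(flagged.get(src, [])))
    return flagged

def _ev(ts, user, ip, preauth):
    # Hypothetical flattened form of a 4768 record (assumed layout)
    return {"EventID": 4768, "TimeCreated": ts, "TargetUserName": user,
            "IpAddress": ip, "PreAuthType": preauth}

USERS = [f"user{i:02d}" for i in range(1, 7)]  # constructed account names
SAMPLE_EVENTS = (  # constructed records, not real logs
    # six accounts, certificate pre-auth, one source, seconds apart
    [_ev(f"2023-06-23T12:30:{i:02d}", u, "::ffff:192.168.56.50", "16")
     for i, u in enumerate(USERS)]
    # same accounts with password pre-auth (type 2) from a shared host: ignored
    + [_ev(f"2023-06-23T09:00:{i:02d}", u, "::ffff:192.168.56.30", "2")
       for i, u in enumerate(USERS)]
    # one smart-card user logging on twice: a single account, not a burst
    + [_ev(f"2023-06-23T0{h}:15:00", "user07", "::ffff:192.168.56.31", "16")
       for h in (8, 9)]
    # certificate logons for five accounts an hour apart: outside the window
    + [_ev(f"2023-06-23T{13 + i}:00:00", u, "::ffff:192.168.56.32", "16")
       for i, u in enumerate(USERS[:5])]
)

if __name__ == "__main__":
    for src, accounts in pkinit_bursts(SAMPLE_EVENTS).items():
        print(f"{src}: PKINIT TGTs for {len(accounts)} accounts: {', '.join(accounts)}")
```

Hosts where many users legitimately log on with smart cards will also cross the threshold, so tune it or allow-list them. Because the certificates are forged offline, the serial numbers recorded in event 4768 have no matching issuance record on the CA, which is a useful follow-up check for any flagged source.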