all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Certsync - Dump NTDS With Golden Certificates And UnPAC The Hash

Add to bookmarks
June 23, 2023, 12:30 p.m. | noreply@blogger.com (Unknown)

KitPloit - PenTest Tools! www.kitploit.com


certsync is a new technique in order to dump NTDS remotely, but this time without DRSUAPI: it uses golden certificate and UnPAC the hash. It works in several steps:

  1. Dump user list, CA informations and CRL from LDAP
  2. Dump CA certificate and private key
  3. Forge offline a certificate for every user
  4. UnPAC the hash for every user in order to get nt and lm hashes
$ certsync -u khal.drogo -p 'horse' -d essos.local -dc-ip 192.168.56.12 -ns 192.168.56.12
[*] …

mimic nameserver ntlm

Visit resource

More from www.kitploit.com / KitPloit - PenTest Tools!

ShellSweep - PowerShell/Python/Lua Tool Designed To Detect Potential Webshell Files In A Specified Directory 1 day, 1 hour ago | www.kitploit.com
Invoke-SessionHunter - Retrieve And Display Information About Active User Sessions On Remote Computers (No Admin … 2 days, 1 hour ago | www.kitploit.com
credentials invoke-sessionhunter localhost registry +1
Subhunter - A Fast Subdomain Takeover Tool 3 days, 1 hour ago | www.kitploit.com
bugbounty bug bounty tools pentesting security tools +3
Hakuin - A Blazing Fast Blind SQL Injection Optimization And Automation Framework 3 days, 12 hours ago | www.kitploit.com
hakuin injection metadata mssql +6
BypassFuzzer - Fuzz 401/403/404 Pages For Bypasses 5 days, 1 hour ago | www.kitploit.com
403 bypass 403 forbidden bugbounty bypassfuzzer +5
PingRAT - Secretly Passes C2 Traffic Through Firewalls Using ICMP Payloads 6 days, 1 hour ago | www.kitploit.com
firewall bypass fud rat hacking tools penetration testing +3
LOLSpoof - An Interactive Shell To Spoof Some LOLBins Command Line 1 week ago | www.kitploit.com
call clear command command line +15
SQLMC - Check All Urls Of A Domain For SQL Injections 1 week, 1 day ago | www.kitploit.com
pentesting pentest tool python3 sqlinjection +1
BadExclusionsNWBO - An Evolution From BadExclusions To Identify Folder Custom Or Undocumented Exclusions On AV/EDR 1 week, 2 days ago | www.kitploit.com
badexclusionsnwbo edr evasion pentesting redteam

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Security Engineer II - Java Fullstack, AWS

@ JPMorgan Chase & Co. | Hyderabad, Telangana, India
View on infosec-jobs.com

Consultant Cybersécurité Industrielle (F-H-X)

@ Bureau Veritas Group | COURBEVOIE, Ile-de-France, FR
View on infosec-jobs.com

Security Engineer II

@ Syniverse | Costa Rica
View on infosec-jobs.com