all InfoSec news
noPac - Exploiting CVE-2021-42278 And CVE-2021-42287 To Impersonate DA From Standard Domain User
Sept. 6, 2022, 12:30 p.m. | noreply@blogger.com (Unknown)
KitPloit - PenTest Tools! www.kitploit.com
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
Changed from sam-the-admin.
Usage
SAM THE ADMIN CVE-2021-42278 + CVE-2021-42287 chain
positional arguments:
[domain/]username[:password]
Account used to authenticate to DC.
optional arguments:
-h, --help show this help message and exit
--impersonate IMPERSONATE
target username that will be impersonated (thru S4U2Self) for quering the ST. Keep in mind this will only work if the identity provided in this scripts is allowed for delegation to the SPN specified
-domain-netbios NETBIOSNAME …
More from www.kitploit.com / KitPloit - PenTest Tools!
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Information Security Engineers
@ D. E. Shaw Research | New York City
Dir-Information Security - Cyber Analytics
@ Marriott International | Bethesda, MD, United States
Security Engineer - Security Operations
@ TravelPerk | Barcelona, Barcelona, Spain
Information Security Mgmt- Risk Assessor
@ JPMorgan Chase & Co. | Bengaluru, Karnataka, India
SAP CO Consultant
@ Atos | Istanbul, TR