ADSelfService-Plus-PoC CVE-2019-12476

PoC for an authentication bypass in ADSelfService Plus version 4.3.3 on Windows 10. Affects all versions of Windows.

PoC Video

Steps to reproduce

  1. Disconnect from your enterprise network
  2. Connect to your own hotspot
  3. Click on reset password; the thick client browser should error out with a 404 if the password reset web application is hosted on the intranet.
  4. Click on "search for this site", which should open a new Internet Explorer window.
  5. Press Ctrl+S to open file explorer and browse to c:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  6. Get a SYSTEM shell without any authentication required.

Fix

Update to the latest version, 5.0.6.
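
A detection sketch for the behaviour in steps 4 to 6, added here as an example and not part of the original PoC: it flags Internet Explorer running as SYSTEM and PowerShell spawned from it. It assumes Sysmon Event ID 1 (process creation) records already parsed into dicts, and that the shell's parent process is `iexplore.exe`; the sample events and the `logon-screen-client.exe` path are constructed placeholders.

```python
import ntpath

# Assumption: events are Sysmon Event ID 1 (process creation) records already
# parsed into dicts carrying the Image, ParentImage and User fields.
SYSTEM_USER = "nt authority\\system"
BROWSERS = {"iexplore.exe"}      # the window opened in step 4
SHELLS = {"powershell.exe"}      # the binary launched in step 5


def _name(path):
    """Lower-cased file name of a Windows path, regardless of host OS."""
    return ntpath.basename(path or "").lower()


def classify(event):
    """Return a finding label for one process-creation event, or None."""
    if (event.get("User") or "").lower() != SYSTEM_USER:
        return None
    image, parent = _name(event.get("Image")), _name(event.get("ParentImage"))
    if image in SHELLS and parent in BROWSERS:
        return "shell-from-system-browser"
    if image in BROWSERS:
        return "browser-as-system"
    return None


def detect(events):
    """Return (index, finding) for every event that matches."""
    return [(i, f) for i, e in enumerate(events) if (f := classify(e))]


# Constructed sample events (not captured from a real host).
IE = "C:\\Program Files\\Internet Explorer\\iexplore.exe"
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
SAMPLE_EVENTS = [
    {"User": "CORP\\alice", "Image": IE, "ParentImage": "C:\\Windows\\explorer.exe"},
    {"User": "NT AUTHORITY\\SYSTEM", "Image": IE,
     "ParentImage": "C:\\placeholder\\logon-screen-client.exe"},  # placeholder parent
    {"User": "NT AUTHORITY\\SYSTEM", "Image": PS, "ParentImage": IE},
    {"User": "CORP\\alice", "Image": PS, "ParentImage": "C:\\Windows\\explorer.exe"},
]

if __name__ == "__main__":
    for index, finding in detect(SAMPLE_EVENTS):
        print(index, finding, SAMPLE_EVENTS[index]["Image"])
```

Both findings are worth alerting on: a browser running as SYSTEM is already anomalous before any shell is launched from it.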