Try with ADCS relay attacks generated certs #325

Open
obilodeau opened this issue Jul 28, 2021 · 1 comment
Labels
investigate Needs more thought / experience

Comments

@obilodeau
Member

Read this: https://www.exandroid.dev/2021/06/23/ad-cs-relay-attack-practical-guide/

Can we use ADCS relay attacks to grab certificates that would be valid for RDP? This would enable greater reach in NLA-enabled environments.

@obilodeau obilodeau added the investigate Needs more thought / experience label Jul 28, 2021
@lubiedo
Contributor

lubiedo commented Jan 3, 2022

Took a look at the article and code they implemented. If I got the idea right: it is to relay the auth to an ADCS via PyRDP as they are doing here? It will still need more elements for the whole attack to be successful (in the how-to they are using dementor to abuse the printer spool bug)
