Lucene search
K

148 matches found

Cvelist
Cvelist
added 2022/05/17 7:44 p.m.21 views

CVE-2021-35249 Domain Admin Broken Access Control

This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data read only operation. This UAC issue leads to a data leak to...

4.3CVSS4.9AI score0.00644EPSS
Exploits0References2
Kitploit
Kitploit
added 2022/05/01 12:30 p.m.32 views

BackupOperatorToDA - From An Account Member Of The Group Backup Operators To Domain Admin Without RDP Or WinRM On The Domain Controller

If you compromise an account member of the group Backup Operators you can become the Domain Admin without RDP or WinRM on the Domain Controller. All credit from filipdragovic with his inital POC ! I build this project because I wanted to have a more generic binary with parameters and also being...

7.6AI score
Exploits0References4
Check Point Advisories
Check Point Advisories
added 2022/04/27 12:0 a.m.10 views

Microsoft Windows Active Directory Privilege Escalation Multiple Vulnerabilities (CVE-2021-42278; CVE-2021-42287)

Multiple Privilege Escalation vulnerabilities exists in Microsoft Windows Active Directory. Successful exploitation of this vulnerability could allow a remote attacker to easily elevate their privilege to that of a domain admin once he compromise a regular user in the domain...

6.5CVSS3.9AI score0.74265EPSS
Exploits10
Kitploit
Kitploit
added 2022/04/02 8:30 p.m.117 views

Odin - Central IoC Scanner Based On Loki

Odin is a central IoC scanner based on Loki General Info This application Loki latest version and download it on all machines using a powershell script and run it then this app receives the respose from all machines and parse the feed in CSV form. Requirements 1. Python +3.5 2. PyQT5 3. psutil 4...

7.2AI score
Exploits0References6
The Hacker News
The Hacker News
added 2021/12/22 7:1 a.m.64 views

Active Directory Bugs Could Let hackers Take Over Windows Domain Controllers

Microsoft is urging customers to patch two security vulnerabilities in Active Directory domain controllers that it addressed in November following the availability of a proof-of-concept PoC tool on December 12. The two vulnerabilities — tracked as CVE-2021-42278 and CVE-2021-42287 — have a severi...

8.8CVSS0.7AI score0.74265EPSS
Exploits10
ThreatPost
ThreatPost
added 2021/12/21 4:46 p.m.96 views

Two Active Directory Bugs Lead to Easy Windows Domain Takeover

A proof-of-concept tool has been published that leverages two Windows Active Directory bugs fixed last month that, when chained, can allow easy Windows domain takeover. In a Monday alert, Microsoft urged organizations to immediately patch the pair of bugs, tracked as CVE-2021-42287 and...

8.8CVSS9AI score0.74265EPSS
Exploits10References20
Kitploit
Kitploit
added 2021/08/04 12:30 p.m.67 views

SharpLAPS - Retrieve LAPS Password From LDAP

The attribute ms-mcs-AdmPwd stores the clear-text LAPS password. This executable is made to be executed within Cobalt Strike session using execute-assembly. It will retrieve the LAPS password from the Active Directory. Require either: Account with ExtendedRight or Generic All Rights Domain Admin...

7.5AI score
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2020/10/02 1:57 p.m.21 views

This One Time on a Pen Test: I Know...Everything

Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie. For more insights, check out our 2020 Under the Hoodie report. It...

7.2AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/09/23 5:5 a.m.1199 views

CVE-2020-1472/Zerologon. As an IT manager should I worry?

TL;DR Yes, apply the update from Microsoft. The new MS08-067? CVE-2020-1472 is an elevation of privilege vulnerability in a cryptographic authentication scheme used by the Netlogon service and was discovered and named Zerologon by Tom Tervoort at Secura. It does not require authentication. It can...

10CVSS8.5AI score0.99512EPSS
Exploits96
NCSC
NCSC
added 2020/09/18 12:0 a.m.13 views

Vulnerability fixed in Samba

Ubuntu has fixed a vulnerability in Samba. The vulnerability potentially allows a malicious party to obtain domain administrator rights. The vulnerability with reference CVE-2020-1472 in Samba in that case should be exploited in conjunction with a vulnerable Microsoft domain controller to be...

10CVSS6.4AI score0.99512EPSS
Exploits75
GithubExploit
GithubExploit
added 2020/09/16 9:22 a.m.137 views

Exploit for CVE-2020-1472

CVE-2020-1472 Netlogon Remote Protocol Call MS-NRPC Privileg...

10CVSS8.2AI score0.99512EPSS
Exploits75
CERT
CERT
added 2020/09/16 12:0 a.m.1145 views

Microsoft Windows Netlogon Remote Protocol (MS-NRPC) uses insecure AES-CFB8 initialization vector

Overview The Microsoft Windows Netlogon Remote Protocol MS-NRPC reuses a known, static, zero-value initialization vector IV in AES-CFB8 mode. This allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and potentially obtain domain administrator...

10CVSS8.6AI score0.99512EPSS
Exploits75References14
GithubExploit
GithubExploit
added 2020/09/14 4:57 p.m.322 views

Exploit for CVE-2020-1472

CVE-2020-1472 Checker & Exploit Code for CVE-2020-1472 aka Z...

10CVSS8.3AI score0.99512EPSS
Exploits75
Gitee
Gitee
added 2020/09/02 3:41 p.m.4 views

Exploit for Improper Input Validation in Microsoft

PoC exploit for CVE-2020-1350, a remote code execution vulnerability in Windows DNS Server. Achieves Domain Admin on Domain Controllers running Windows Server 2003 up to Windows Server 2019. The script is written in Bash and is designed to be run from a Linux host on a Windows Active Directory...

10CVSS9.9AI score0.92178EPSS
Exploits21
GithubExploit
GithubExploit
added 2020/07/29 7:2 p.m.235 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Netwrix Account_Lockout_Examiner

CVE-2020-15931 Netwrix Account Lockout Examiner 4.1 Domai...

7.5CVSS7.6AI score0.03726EPSS
Exploits1
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/06/12 5:48 a.m.28 views

Revisiting old tools

Many, many years ago I was onsite and noticed that a company's internal website had checked out their website using the subversion code versioning system. This subversion archive contained the site's web.config which has a set of credentials for SQL server, which through many steps led to domain...

7.9AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/04/01 5:23 a.m.48 views

Honeyroasting. How to detect Kerberoast breaches with honeypots

Introduction As we know one of the main issues facing defenders, especially in large environments, is protecting against threat actors after they gain a foothold in the environment. If an attacker lands on a domain-joined PC, the attack surface is massive, and it is vital to detect them as quickl...

7.2AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2020/02/04 5:30 p.m.8473 views

Ghost in the shell: Investigating web shell attacks

Recently, an organization in the public sector discovered that one of their internet-facing servers was misconfigured and allowed attackers to upload a web shell, which let the adversaries gain a foothold for further compromise. The organization enlisted the services of Microsoft’s Detection and...

7.5CVSS0.3AI score0.99913EPSS
Exploits56
NVD
NVD
added 2020/01/26 9:15 p.m.21 views

CVE-2020-7984

SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the...

7.5CVSS7.5AI score0.02475EPSS
Exploits1References8
Prion
Prion
added 2020/01/26 9:15 p.m.16 views

Design/Logic Flaw

SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the...

5CVSS7.5AI score0.02475EPSS
Exploits1References8Affected Software1
Rows per page
Query Builder