3 matches found
Metasploit Weekly Wrap-Up
C is for cookie And that’s good enough for Apache CouchDB, apparently. Our very own Jack Heysel added an exploit module based on CVE-2022-24706 targeting CouchDB prior to 3.2.2, leveraging a special default ‘monster’ cookie that allows users to run OS commands. This fake computer I just made says...
Role Base Constrained Delegation
This module can read and write the necessary LDAP attributes to configure a particular object for Role Based Constrained Delegation RBCD. When writing, the module will add an access control entry to allow the account specified in DELEGATEFROM to the object specified in DELEGATETO. In order for th...
Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp)
On April 24, 2022, a privilege escalation hacking tool, KrbRelayUp, was publicly disclosed on GitHub by security researcher Mor Davidovich. KrbRelayUp is a wrapper that can streamline the use of some features in Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn tools in...