"Hacking In A Domain Environment"
  • Anyone on here familiar with Windows domains? I have dealt with them only slightly. I was wondering if any of you knew a lot about remote penetration of a Windows domain. I have heard it is rather difficult to get past the standard KERBEROS authentication. The only bit I know on domains is from the controller end of it; they mostly run LDAP so users can query the Global Catalogue. I realize host traffic going through a domain is usually tunneled with IPSEC on L2TP, so is this a rather difficult challenge to accomplish?
  • Sh3llc0d3
    Posts: 1,910
    Not too sure about the rest, but KERBEROS was bypassed successfully recently on all major systems.

    http://secgroup.ext.dsi.unive.it/projects/kerberos/
  • mandi
    Posts: 207
    Bro, make it clear: you want to break the encrypted traffic being transmitted from the Windows domain? Am I right?
  • Thank you for the info related to the new KERBEROS attack methods. I was familiar with the former, not the latter. However, after reading it, I found that the only way it would work is if you had PHYSICAL access to the machine on the network (an inside job?), so from a remote standpoint (which is where I was going with this) it would still be almost impossible to achieve.

    (They also mention a MITM attack in a KERBEROS realm. Wouldn't this be rather difficult since the entire traffic flow would be encrypted?)
  • Sh3llc0d3
    Posts: 1,910
    I have found the incognito tool to be very useful when hacking in a domain environment.

    some literature:
    http://carnal0wnage.blogspot.com/2009/0 ... o-and.html
    http://www.mwrinfosecurity.com/publicat ... -04-14.pdf


    Pretty much, if you have access to a box with sufficient privs, it's possible to impersonate a domain admin's token. This would allow you to do all kinds of fun stuff, like add a new domain account, which would then give you the ability to log into any box in the domain. The only catch is you have to find a box that a domain admin has logged into recently.
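As a defender's counterpart to the chain described in that post (an added example, not code from the thread or from the tools it links), this scans Windows Security-log records for the two things the chain depends on: a privileged logon landing on a machine that is not a domain controller, and a freshly created account being dropped into a privileged group minutes later. Event IDs 4672, 4720 and 4728 are the real Windows IDs; the sample records, hostnames, account names and the DOMAIN_CONTROLLERS set are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample Windows Security-log events (not real telemetry).
# 4672 = special privileges assigned to new logon, 4720 = user account created,
# 4728 = member added to a security-enabled global group.
SAMPLE_EVENTS = [
    {"ts": "2024-01-10T09:02:11", "id": 4672, "host": "WS01",
     "subject": "ACME\\dadmin", "target": ""},
    {"ts": "2024-01-10T09:04:30", "id": 4720, "host": "DC01",
     "subject": "ACME\\dadmin", "target": "ACME\\svc_backup2"},
    {"ts": "2024-01-10T09:05:02", "id": 4728, "host": "DC01",
     "subject": "ACME\\dadmin", "target": "ACME\\svc_backup2", "group": "Domain Admins"},
    {"ts": "2024-01-10T13:15:00", "id": 4720, "host": "DC01",
     "subject": "ACME\\helpdesk", "target": "ACME\\jsmith"},
]

PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}
DOMAIN_CONTROLLERS = {"DC01"}  # assumed inventory of DC hostnames


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def privileged_logons_off_dc(events):
    """(host, account) pairs where a privileged logon (4672) landed on a non-DC.
    These are the machines whose compromise would expose an admin token."""
    return sorted({(e["host"], e["subject"]) for e in events
                   if e["id"] == 4672 and e["host"] not in DOMAIN_CONTROLLERS})


def new_accounts_made_privileged(events, window_minutes=30):
    """Accounts created (4720) and added to a privileged group (4728) within the window."""
    created = {e["target"]: _ts(e) for e in events if e["id"] == 4720}
    hits = []
    for e in sorted(events, key=_ts):
        if e["id"] != 4728 or e.get("group") not in PRIVILEGED_GROUPS:
            continue
        born = created.get(e["target"])
        if born is not None and timedelta(0) <= _ts(e) - born <= timedelta(minutes=window_minutes):
            hits.append({"account": e["target"], "group": e["group"],
                         "by": e["subject"], "minutes": (_ts(e) - born).seconds // 60})
    return hits


if __name__ == "__main__":
    print(privileged_logons_off_dc(SAMPLE_EVENTS))
    print(new_accounts_made_privileged(SAMPLE_EVENTS))
```

Only the account that was created and elevated within the window is reported; the ordinary helpdesk-created account is not.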
    Thanks for the info :)