Knock and Pass: Kerberos Exploitation

Almost a year after the disclosure of the critical vulnerability MS14-068, a lot of guides and tutorials have been written on how to trick the Domain Controller into issuing a Kerberos ticket (often loosely called a "golden ticket") whose PAC claims membership of privileged groups, so that a plain domain user is treated as a user with "high level" privileges.

The purpose of this post is not to teach, or to re-present, how to exploit a DC in order to retrieve the Kerberos ticket, because there are hundreds of well-written posts about that specific exploitation. It is instead a general guide to configuring a Linux machine so that it can obtain a valid Kerberos ticket from the DC without joining the host to the domain.

In order to take advantage of MS14-068 we need a valid domain user account (username and password) and the IP address of the Domain Controller. The public exploit code additionally needs that user's SID, so plan to look it up, and the DC must still be unpatched (the fix shipped as KB3011780).

(Note: for the purpose of this tutorial, Kali Linux is used as the guest OS and Windows Server 2008 R2 Standard as the DC. Both machines are attached to a bridged network adapter.)

In order to generate a Kerberos ticket on the guest machine, a few dependencies have to be installed.
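The client-side setup the post describes (a krb5.conf that points at the DC, name resolution for the DC without domain DNS, a clock check, then kinit/klist) as an added example. This is not code from the original post; it assumes the MIT Kerberos client tools (kinit, klist) and ntpdate are installed, and the realm EXAMPLE.LOCAL, DC hostname dc01, DC address 192.0.2.10 and user alice are hypothetical placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): prepare a non-domain-joined
# Linux box to request a Kerberos TGT from a Windows DC.
# Hypothetical values: realm EXAMPLE.LOCAL, DC dc01 at 192.0.2.10, user alice.

# The KDC rejects requests whose timestamp differs from its own clock by
# more than this many seconds (MIT and Windows default: 5 minutes).
MAX_SKEW=300

# Emit a minimal krb5.conf for REALM whose KDC is DC_IP. The realm name must
# be upper-case; the domain_realm mapping lets lower-case DNS names resolve
# to it. DNS lookups are disabled because the host does not use domain DNS.
make_krb5_conf() {
    realm=$1
    dc_ip=$2
    lower=$(printf '%s' "$realm" | tr 'A-Z' 'a-z')
    cat <<EOF
[libdefaults]
    default_realm = $realm
    dns_lookup_realm = false
    dns_lookup_kdc = false
    forwardable = true

[realms]
    $realm = {
        kdc = $dc_ip
        admin_server = $dc_ip
    }

[domain_realm]
    .$lower = $realm
    $lower = $realm
EOF
}

# Return 0 when a clock offset in seconds (as printed by "ntpdate -q") is
# within the KDC tolerance, 1 otherwise. Sign and fraction are dropped so the
# comparison works in POSIX sh integer arithmetic.
skew_ok() {
    offset=$1
    abs=${offset#-}
    abs=${abs%%.*}
    [ "${abs:-0}" -le "$MAX_SKEW" ]
}

# Write the config, make the DC resolvable, verify the clock, request a TGT.
# Touches the network and /etc, so it only runs when RUN_SETUP=1 is set.
setup_kerberos_client() {
    realm=$1 dc_host=$2 dc_ip=$3 user=$4
    lower=$(printf '%s' "$realm" | tr 'A-Z' 'a-z')
    make_krb5_conf "$realm" "$dc_ip" > /etc/krb5.conf
    # The DC must resolve by name even though the host is not in domain DNS.
    grep -q "$dc_host" /etc/hosts || \
        printf '%s %s.%s %s\n' "$dc_ip" "$dc_host" "$lower" "$dc_host" >> /etc/hosts
    # More than MAX_SKEW seconds of drift yields KRB_AP_ERR_SKEW from the KDC.
    offset=$(ntpdate -q "$dc_ip" | sed -n 's/.*offset \([-0-9.]*\).*/\1/p' | tail -n 1)
    skew_ok "$offset" || {
        echo "clock skew ${offset}s exceeds ${MAX_SKEW}s; sync first: ntpdate $dc_ip" >&2
        return 1
    }
    # Obtain the TGT with the domain user's password and show the cache.
    kinit "$user@$realm" && klist
}

if [ "${RUN_SETUP:-0}" = 1 ]; then
    setup_kerberos_client EXAMPLE.LOCAL dc01 192.0.2.10 alice
fi
```

Run it as root with `RUN_SETUP=1 sh krb-client.sh`; a successful `klist` afterwards shows a `krbtgt/EXAMPLE.LOCAL@EXAMPLE.LOCAL` entry, which is the proof that the non-joined host talks Kerberos to the DC correctly. The clock check is the step most often skipped, and it is the usual cause of a "Clock skew too great" error from kinit.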
