APT
KrbRelay with RBCD Privilege Escalation The short step-by-step writeup about how to do the LPE with KrbRelay + RBCD on a domain-joined machine using KrbRelay + Rubeus: https://gist.github.com/tothi/bf6c59d6de5d0c9710f23dae5750c4b9 #ad #kerberos #relay #rbcd…
NTLMRelay2Self over HTTP
Just a walkthrough of how to escalate privileges locally by forcing the system you landed initial access on to reflectively authenticate over HTTP to itself and forward the received connection to an HTTP listener (ntlmrelayx) configured to relay to DC servers over LDAP/LDAPs for either setting shadow credentials or configuring RBCD.
https://github.com/med0x2e/NTLMRelay2Self
#ad #ntlm #relay #rbcd #redteam
Just a walkthrough of how to escalate privileges locally by forcing the system you landed initial access on to reflectively authenticate over HTTP to itself and forward the received connection to an HTTP listener (ntlmrelayx) configured to relay to DC servers over LDAP/LDAPs for either setting shadow credentials or configuring RBCD.
https://github.com/med0x2e/NTLMRelay2Self
#ad #ntlm #relay #rbcd #redteam
GitHub
GitHub - med0x2e/NTLMRelay2Self: An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).
An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav). - med0x2e/NTLMRelay2Self
👍4
Forwarded from Волосатый бублик
#ad #relay #webdav #ldap
[ DavRelayUp ]
https://github.com/Dec0ne/DavRelayUp
[ DavRelayUp ]
A port of #KrbRelayUp with modifications to allow for NTLM relay from WebDAV to LDAP and abuse #RBCD in order achieve #LPE in domain-joined windows workstations where LDAP signing is not enforced.Thanks to: Руслан
https://github.com/Dec0ne/DavRelayUp
❤5🔥1