Coercing NTLM Authentication from SCCM
https://posts.specterops.io/coercing-ntlm-authentication-from-sccm-e6e23ea8260a
#ad #ntlm #sccm
https://posts.specterops.io/coercing-ntlm-authentication-from-sccm-e6e23ea8260a
#ad #ntlm #sccm
SpecterOps
Coercing NTLM Authentication from SCCM - SpecterOps
SCCM crash course on how to prevent attacks, and invoking Automatic Client Push with SharpSCCM. How to build, test, and contribute to SharpSCCM.
👻 The Phantom Credentials of SCCM
If an Active Directory account has ever been configured as an NAA, the credentials may persist on former clients. Not only can we query the credential blobs from WMI, we can also retrieve previously used account blobs from the CIM repository, even if the computer is no longer a client.
https://posts.specterops.io/the-phantom-credentials-of-sccm-why-the-naa-wont-die-332ac7aa1ab9
#ad #credentials #sccm #nna #wmi
If an Active Directory account has ever been configured as an NAA, the credentials may persist on former clients. Not only can we query the credential blobs from WMI, we can also retrieve previously used account blobs from the CIM repository, even if the computer is no longer a client.
https://posts.specterops.io/the-phantom-credentials-of-sccm-why-the-naa-wont-die-332ac7aa1ab9
#ad #credentials #sccm #nna #wmi
SpecterOps
The Phantom Credentials of SCCM: Why the NAA Won’t Die - SpecterOps
Explore the risks lurking within SCCM's Network Access Accounts, why transitioning to Enhanced HTTP isn't enough, and why disabling NAAs from AD is crucial.
🔥3❤1❤🔥1
🔐 Exploiting SCCM’s AdminService API for Site Takeover 🔐
Extensive research into SCCM services has revealed a security flaw within the AdminService API, exploiting the authentication process and leading to unauthorized access. The AdminService API, backed by Microsoft Negotiate authentication, could be leveraged by malicious actors for privilege escalation, granting unauthorized Full Administrator privileges on the targeted site.
🌐 Details:
https://posts.specterops.io/site-takeover-via-sccms-adminservice-api-d932e22b2bf
#ad #sccm #site #takeover
Extensive research into SCCM services has revealed a security flaw within the AdminService API, exploiting the authentication process and leading to unauthorized access. The AdminService API, backed by Microsoft Negotiate authentication, could be leveraged by malicious actors for privilege escalation, granting unauthorized Full Administrator privileges on the targeted site.
🌐 Details:
https://posts.specterops.io/site-takeover-via-sccms-adminservice-api-d932e22b2bf
#ad #sccm #site #takeover
Medium
Site Takeover via SCCM’s AdminService API
tl:dr: The SCCM AdminService API is vulnerable to NTLM relaying and can be abused for SCCM site takeover.
🔥8👍1
Forwarded from Ralf Hacker Channel (Ralf Hacker)
CVE-2024-43468: ConfigMgr/SCCM 2403 Unauth SQLi to RCE
PATCHED: Oct 8, 2024
Exploit: https://github.com/synacktiv/CVE-2024-43468
Blog: https://www.synacktiv.com/advisories/microsoft-configuration-manager-configmgr-2403-unauthenticated-sql-injections
#git #exploit #ad #rce #sccm #pentest #redteam
PATCHED: Oct 8, 2024
Exploit: https://github.com/synacktiv/CVE-2024-43468
Blog: https://www.synacktiv.com/advisories/microsoft-configuration-manager-configmgr-2403-unauthenticated-sql-injections
#git #exploit #ad #rce #sccm #pentest #redteam
GitHub
GitHub - synacktiv/CVE-2024-43468
Contribute to synacktiv/CVE-2024-43468 development by creating an account on GitHub.
🔥5👍2❤1