🔐 Exploiting SCCM’s AdminService API for Site Takeover 🔐
Extensive research into SCCM services has revealed a security flaw within the AdminService API, exploiting the authentication process and leading to unauthorized access. The AdminService API, backed by Microsoft Negotiate authentication, could be leveraged by malicious actors for privilege escalation, granting unauthorized Full Administrator privileges on the targeted site.
🌐 Details:
https://posts.specterops.io/site-takeover-via-sccms-adminservice-api-d932e22b2bf
#ad #sccm #site #takeover
Extensive research into SCCM services has revealed a security flaw within the AdminService API, exploiting the authentication process and leading to unauthorized access. The AdminService API, backed by Microsoft Negotiate authentication, could be leveraged by malicious actors for privilege escalation, granting unauthorized Full Administrator privileges on the targeted site.
🌐 Details:
https://posts.specterops.io/site-takeover-via-sccms-adminservice-api-d932e22b2bf
#ad #sccm #site #takeover
Medium
Site Takeover via SCCM’s AdminService API
tl:dr: The SCCM AdminService API is vulnerable to NTLM relaying and can be abused for SCCM site takeover.
🔥8👍1