Welcome back, XCT!
I couldn't believe my notifications. Thanks pal, more videos pls! Literally the only hacking videos I enjoy, due to your way better format.
Love the content. Short and concise. A+
I was stuck on the privesc part, thanks man!
Welcome back man missed your videos. Another great walk through
Thank you! Your explanations are perfect to understand RBCD, I struggled with it most of the time but not anymore :D
Love your videos, so much to learn. Short and very informative. 👏👍
thanks! very helpful and learned a ton. looking forward to more!
Great content, really enjoyed this. Only thing I'd caution against is spraying all discovered hashes against all known user accounts unless you've first enumerated the lockout policy. Could be a bit chaotic haha! Thanks :)
Thanks! Yeah for sure it's not opsec safe :)
Nice new video on an interesting topic. Also very relevant for HTB :)
Thanks! Hehe yeah, similar to a somewhat recent HTB machine.
Good content keep it up !
nice to see you back : )
Welcome back !!! I love your videos.
Finally a new video! And a good one as well :).
Great to see you back!
The Return of the King
Welcome back! :)
the king is back 🔥🔥
Perfection🔥
Hi xct, glad you are back! I wanted to ask, is there a difference between your privilege escalation path and using something like the "sam-the-admin" or noPAC tools?
Hi! Yes, they are completely different concepts. What you mentioned is CVE based so you need a vulnerable/unpatched version of Windows as the target. For RBCD you need a misconfiguration (the user has GenericWrite/GenericAll on the computer object of the DC).
@xct_de Got it, thank you very much. And just to be sure, can this GenericWrite/GenericAll be abused with impacket using something like ticketer.py or getST.py? Or a better question would be if there exists a Linux equivalent way of doing this privilege escalation attack?
@Hacsev Yes you can checkout the rbcd-attack repo linked in the blog post (see desc) - it has a description on how to do it from linux.
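The precondition named in the reply above (a principal holding GenericWrite/GenericAll on the DC's computer object, or the RBCD attribute on that object already being populated) is something a defender can audit directly. The following PowerShell is an added example, not code from the video, its author, or the rbcd-attack repo; it assumes the RSAT ActiveDirectory module is installed and the session can read the directory, and the `$trusted` list of principals expected to hold broad rights on a DC object is an assumption to tune per domain.

```powershell
# Added audit example (not from the video or xct): report, for every domain
# controller's computer object, who could set or already appears in
# msDS-AllowedToActOnBehalfOfOtherIdentity. Assumes the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# Rights that let a principal (re)write the RBCD attribute on the object.
$riskyRights = 'GenericAll', 'GenericWrite', 'WriteDacl', 'WriteOwner'

# Principals that legitimately hold broad rights on a DC object.
# Assumption: adjust this list for your own domain.
$trusted = 'NT AUTHORITY\SYSTEM', 'NT AUTHORITY\SELF', 'BUILTIN\Administrators',
           'Domain Admins', 'Enterprise Admins', 'Enterprise Domain Controllers'

function Get-DcRbcdFindings {
    $findings = @()
    # primaryGroupID 516 = "Domain Controllers" (RODCs use 521 and are not covered here).
    $dcs = Get-ADComputer -Filter 'primaryGroupID -eq 516' `
                          -Properties 'msDS-AllowedToActOnBehalfOfOtherIdentity'

    foreach ($dc in $dcs) {
        # 1. The attribute comes back as an ActiveDirectorySecurity object; any
        #    entry in it names an account allowed to delegate to this DC.
        $rbcd = $dc.'msDS-AllowedToActOnBehalfOfOtherIdentity'
        if ($rbcd) {
            foreach ($entry in $rbcd.Access) {
                $findings += [pscustomobject]@{
                    Computer  = $dc.Name
                    Finding   = 'RBCD attribute populated'
                    Principal = $entry.IdentityReference.Value
                }
            }
        }

        # 2. ACEs on the computer object itself: which non-trusted principal can write it?
        $acl = Get-Acl -Path ('AD:\' + $dc.DistinguishedName)
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $who = $ace.IdentityReference.Value
            if ($trusted | Where-Object { $who -eq $_ -or $who -like "*\$_" }) { continue }

            # ActiveDirectoryRights is a flags enum; its string form lists the
            # granted rights, so a simple name match is enough for a triage report.
            $rights = $ace.ActiveDirectoryRights.ToString()
            $hits = @($riskyRights | Where-Object { $rights -match $_ })
            # WriteProperty with an empty ObjectType means "write all properties",
            # which includes the RBCD attribute.
            if ($rights -match 'WriteProperty' -and $ace.ObjectType -eq [guid]::Empty) {
                $hits += 'WriteProperty(all)'
            }
            if ($hits.Count -gt 0) {
                $findings += [pscustomobject]@{
                    Computer  = $dc.Name
                    Finding   = 'ACE grants ' + ($hits -join '/')
                    Principal = $who
                }
            }
        }
    }
    return $findings
}

Get-DcRbcdFindings | Format-Table -AutoSize
```

Attribute-specific WriteProperty ACEs (those carrying the schema GUID of the RBCD attribute) are not matched by this script, so an empty report does not prove the object is clean; it does surface the GenericWrite/GenericAll case the thread describes, which is the one a delegation audit should catch first.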
nice
New PE method to my knowledge thank you so much! Keep it up.
Could you please give me the tool link you mentioned at 14:27 that automates this PE technique?
It's linked in the blog post in the description :)
@xct_de thank you so much
What red team training I can take to learn such manual techniques?
You can join vulnlab :)
already did, but that's only part of what a red team engagement involves.
@xct_de I saw vulnlab offering on access labs. Does it come with guides, walkthroughs, and video tutorials?
what kind of screen multiplexer do you use ?
This is i3.
@xct_de and what is this γt prompt in the terminal? Never seen it before!
Impacket errors out because there is no SAM file, the command should have been "impacket-secretsdump -ntds ntds.dit -system SYSTEM -security SECURITY LOCAL" but anyways awesome video! Thanks!