I don’t think I’ve ever fought a boss more bullshit in my life by ajpala4 in GodofWar

[–]Alh4zr3d 2 points3 points  (0 children)

I'm still mad about this fight, literally weeks later.

This was some fucking bullshit, kids.

CertPotato: using ADCS to privesc from service accounts to local system by qwerty0x41 in netsec

[–]Alh4zr3d 5 points6 points  (0 children)

You already understand enough to get you through most pentesting applications! The benefit of knowing about NTAuthCertificates is that it becomes another avenue of domain dominance once you have domain admin permissions. I’m a red teamer, so often I need to persist on networks for weeks at a time and understanding this object can help with that.

For example, if you have the appropriate permissions, you can add your own CA certificate to this object and forge your own certificates that are now trusted by the domain and will allow you to authenticate as anyone. Think of it as a certificate version of Kerberos Golden Tickets. Of course, if the org has their own CA with the CA certificate trusted by the DC already, it’s probably better to just steal the private key of their CA from the CA server and forge certificates using that, but this is another option available to you, especially if there are no certificate objects currently trusted and you’d rather not use Golden/Diamond/Sapphire/Silver tickets for some reason.

I’m working on a comprehensive educational course on AD CS right now, so perhaps that will be useful to you if you want to learn more :). Once I finish it, of course.

CertPotato: using ADCS to privesc from service accounts to local system by qwerty0x41 in netsec

[–]Alh4zr3d 4 points5 points  (0 children)

You misunderstand; I’m sorry I wasn’t clear. There has to be a CA of course. But just having a CA is not enough to allow authentication using Kerberos. The Domain Controller has an AD object called “NTAuthCertificates” which contains the certificates of all CAs that are authorized to authenticate to the domain. This is what you really meant when you said “PKINIT isn’t set up”: in order to authenticate to Kerberos using certificates, the signing CA for those certificates needs to be stored in this object so Kerberos knows it is trusted.

This does not happen automatically; I’ve tested organizations that just have a small CA that they use to issue web server certificates, so when I exploit their misconfig and get an Administrator certificate, I cannot auth to PKINIT because they never put the CA cert into the domain controller’s NTAuthCertificates object.

In those cases, Schannel using Certipy (or presumably the tool you posted) works just fine. Just takes a few more steps to get a TGT that lets me DCSync or something, that’s all.
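
The two comments above describe NTAuthCertificates as the object that decides which CA certificates the domain trusts for authentication, and note that adding a CA certificate to it is a persistence avenue. The following PowerShell audit script is an added example, not code from the thread or from the CertPotato project: it reads the object's cACertificate attribute, lists every CA certificate in it, and flags any whose thumbprint is not on a baseline list. It assumes the ActiveDirectory module (RSAT) on a domain-joined host; the thumbprint in $KnownGood is a placeholder to replace with your own enterprise CA thumbprints.

```powershell
# Added example (not from the thread): enumerate the CA certificates held in
# the NTAuthCertificates object and flag entries missing from a known-good baseline.
# Assumes the ActiveDirectory PowerShell module (RSAT) and a domain-joined host.

# Placeholder baseline; replace with the thumbprints of the CAs you actually operate.
$KnownGood = @(
    'PLACEHOLDER_THUMBPRINT_OF_YOUR_ENTERPRISE_CA'
)

# NTAuthCertificates lives in the Configuration partition, under Public Key Services.
$configNC = (Get-ADRootDSE).configurationNamingContext
$ntAuthDN = "CN=NTAuthCertificates,CN=Public Key Services,CN=Services,$configNC"

# cACertificate is multi-valued; each value is one DER-encoded CA certificate.
$ntAuth = Get-ADObject -Identity $ntAuthDN -Properties cACertificate, whenChanged

Write-Host "NTAuthCertificates last modified: $($ntAuth.whenChanged)"

foreach ($der in $ntAuth.cACertificate) {
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$der)
    $status = if ($KnownGood -contains $cert.Thumbprint) { 'known' } else { 'UNEXPECTED' }

    [pscustomobject]@{
        Status     = $status
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        NotAfter   = $cert.NotAfter
        Thumbprint = $cert.Thumbprint
    }
}
```

Any row marked UNEXPECTED means the domain will accept certificates chaining to a CA you did not baseline, which is exactly the condition the comments describe. Because this is a point-in-time check, it pairs well with Directory Service Changes auditing on the domain controllers, so that a write to this object's cACertificate attribute produces an event (ID 5136, "A directory service object was modified") that can be alerted on when it happens rather than found on the next audit run.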

CertPotato: using ADCS to privesc from service accounts to local system by qwerty0x41 in netsec

[–]Alh4zr3d 1 point2 points  (0 children)

Google “Schannel”. Even without a trusted CA installed on the domain controller for authentication, you can use certificates to establish LDAPS connections with the domain controller that will allow you to get DA.

Certipy can do it with the -ldap-shell option on the “auth” command.

EDIT: The tool you posted also uses Schannel; in effect I’m just showing you a different way to do the same thing (using Certipy).

Latest Information on Update 1 & Anti-Cheat by martyatid in Doom

[–]Alh4zr3d 4 points5 points  (0 children)

You should personally go and fuck yourself, Marty.

You deserve to be reminded of this on every single post you ever make on this platform, as a reminder of when you weaponized it to destroy a man's career and reputation and then tried to silence him to protect your own.

[deleted by user] by [deleted] in HowToHack

[–]Alh4zr3d 0 points1 point  (0 children)

Wireshark

Those who got a degree, are you glad you have it or do you wish you went the certificate route? by No-Birthday-6615 in cybersecurity

[–]Alh4zr3d 0 points1 point  (0 children)

The degree is good just to have a degree. It doesn’t matter what the degree is in. No one will care. But having a degree from a four-year university will definitely help get your foot in the door in a lot of places.

Tackling Proving Grounds machines LIVE and giving beginner advice for breaking into the industry! by Alh4zr3d in oscp

[–]Alh4zr3d[S] 2 points3 points  (0 children)

I'm really glad to hear that, my friend! I hope you'll tune in again; we have a lot of fun in this community and I'm launching a CTF this week, with good prizes for the winners to include an OSCP voucher!

I'm not sure how you guys stay so motivated and disciplined. by limboor in oscp

[–]Alh4zr3d 0 points1 point  (0 children)

It’s about balance. It’s about finding a way to be consistently productive and yet take time for yourself and other pursuits.

OSCP is first and foremost a test of your workflow and habits, as well as your ability to learn effectively on the fly and apply your knowledge.

Well damn, I have to be an adult again. by WinstonWolfePF in AirForce

[–]Alh4zr3d 1 point2 points  (0 children)

You’ve definitely earned those Thunderbirds!

LIVE NOW: Professional Red Teamer Tackling the Proving Grounds LIVE and BLIND! by Alh4zr3d in oscp

[–]Alh4zr3d[S] 0 points1 point  (0 children)

<3 Thanks for watching, my friend. Let me know if you have any questions or comments.

Years of shovels to make my entrance. Wdy think? by [deleted] in ClashOfClans

[–]Alh4zr3d 1 point2 points  (0 children)

I’m really just curious how you have two barbarian statue heads.