CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter. Yet another low effort domain user to domain admin exploit.
If a Domain Controller is vulnerable it will return a TGT without a PAC, all eyes on small size tickets.
Patch your Domain Controllers!
Charlie Clark for his Rubeus fork and Kevin Robertson for SharpMad
nopac.exe scan -domain testlocal.net -user testlocaluser -pass 'testlocaluserPASS!'
Using a verified good password, triggers the following error:
Unhandled Exception: System.DirectoryServices.DirectoryServicesCOMException: The user name or password is incorrect.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at noPac.Program.getDCs(String domain, String username, String password, String domainController)
at noPac.Program.scan(String domain, String username, String password, String passwordHash, String domainController)
at noPac.Program.Main(String[] args)
It kicks up a 'NoPac has stopped working' error as well..
While the executable did compile. It did show this recurring warning below.
------ Rebuild All started: Project: noPac, Configuration: Debug x64 ------
C:\github\noPac\noPac\lib\S4U.cs(300,29,300,36): warning CS0162: Unreachable code detected
C:\github\noPac\noPac\lib\S4U.cs(389,25,389,32): warning CS0162: Unreachable code detected
C:\github\noPac\noPac\lib\S4U.cs(558,21,558,28): warning CS0162: Unreachable code detected
C:\github\noPac\noPac\lib\S4U.cs(902,21,902,28): warning CS0162: Unreachable code detected
C:\github\noPac\noPac\lib\S4U.cs(947,17,947,24): warning CS0162: Unreachable code detected
C:\github\noPac\noPac\lib\Roast.cs(158,25,158,32): warning CS0162: Unreachable code detected
C:\github\noPac\noPac\lib\Roast.cs(687,49,687,53): warning CS0162: Unreachable code detected
C:\github\noPac\noPac\lib\Roast.cs(811,21,811,28): warning CS0162: Unreachable code detected
C:\github\noPac\noPac\lib\Renew.cs(160,25,160,32): warning CS0162: Unreachable code detected
C:\github\noPac\noPac\lib\Ask.cs(411,25,411,32): warning CS0162: Unreachable code detected
C:\github\noPac\noPac\lib\Ask.cs(634,21,634,28): warning CS0162: Unreachable code detected
C:\github\noPac\noPac\lib\ForgeTicket.cs(976,21,976,28): warning CS0162: Unreachable code detected
C:\github\noPac\noPac\lib\LSA.cs(554,21,554,28): warning CS0162: Unreachable code detected
C:\github\noPac\noPac\lib\LSA.cs(590,25,590,32): warning CS0162: Unreachable code detected
C:\github\noPac\noPac\lib\LSA.cs(1480,69,1480,76): warning CS0162: Unreachable code detected
noPac -> C:\github\noPac\noPac\bin\x64\Debug\noPac.exe
========== Rebuild All: 1 succeeded, 0 failed, 0 skipped ==========
It says : <<Ticket successfully imported!>>
but hasn't access to admin commands!
Machine account is not created before. Error message: Object Already exists.
Windows Server 2012 R2, Brand new environment.
Nice project!
Here is a error report when using it on Windows Server 2019 Standard , it reported A device attached to the system is not functioning.
And when I exploited this vulner step by step, when executing Set-MachineAccountAttribute , it reported the same error:
Does this means it is not vulnerable? However I checked the domain by scaning mode it showed vulnerable just same as the readme.md which in your repo.
Please check this, thanks a lot.
Hi,
I am not sure what I did wrong here. I have a mock 2016 and it does not create the user and PTH.
This might not be an issue just that there is not enough detail about getting it to work?
env :
dc:Windows 2016 standard
pc:Windows 10
Can the original state be restored after successful exploitation? An error "The object
already exists." occurs when using it for the second time?
/dc DC.whoamianony.org /mAccount demo12 /mPassword Password123! /service cifs /p
tt
[+] Distinguished Name = CN=demo12,CN=Computers,DC=whoamianony,DC=org
[+] Machine account demo12 added
[+] Machine account demo12 attribute serviceprincipalname cleared
System.DirectoryServices.DirectoryServicesCOMException (0x80071392): The object
already exists.
at System.DirectoryServices.DirectoryEntry.CommitChanges()
at noPac.Program.SetMachineAccountAttribute(String container, String distingu
ishedName, String domain, String domainController, String attribute, String mach
ineAccount, String value, Boolean append, Boolean clear, Boolean verbose, Networ
kCredential credential)
Unhandled Exception: System.DirectoryServices.DirectoryServicesCOMException: The
object already exists.
at System.DirectoryServices.DirectoryEntry.CommitChanges()
at noPac.Program.SetMachineAccountAttribute(String container, String distingu
ishedName, String domain, String domainController, String attribute, String mach
ineAccount, String value, Boolean append, Boolean clear, Boolean verbose, Networ
kCredential credential)
at noPac.Program.Main(String[] args)hi !
I'm getting this error when I want run and use nopack
System.Runtime.InteropServices.COMException: The server is not operational.
please help, thanks a lot <3
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.