歡迎光臨
我們一直在努力

Abusing Exchange: One API call away from Domain Admin

原文地址:https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/

In most organisations using Active Directory and Exchange, Exchange servers have such high privileges that being an Administrator on an Exchange server is enough to escalate to Domain Admin. Recently I came across a blog from the ZDI, in which they detail a way to let Exchange authenticate to attackers using NTLM over HTTP. This can be combined with an NTLM relay attack to escalate from any user with a mailbox to Domain Admin in probably 90% of the organisations I’ve seen that use Exchange. This attack is possible by default and while no patches are available at the point of writing, there are mitigations that can be applied to prevent this privilege escalation. This blog details the attack, some of the more technical details and mitigations, as well as releasing a proof-of-concept tool for this attack which I’ve dubbed “PrivExchange”.

前言引用來源:https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/
文章圖片來源:https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/

-------------------
如果你認同我們每日分享的文章,請幫我們按個讚並且點擊追蹤「搶先看」,讓我們提供最新消息給您!您的分享及點讚,是我們持續推廣資訊安全最大的動力來源。
https://www.facebook.com/LonelyPoPo/

贊(0) 打賞
轉載請附上作者連結:波波的寂寞世界 » Abusing Exchange: One API call away from Domain Admin

波波的寂寞世界

Facebook聯繫我們

覺得文章有用,請作者喝杯咖啡

掃一掃打賞作者狗糧