|
6129 | 6129 |
|
6130 | 6130 | ],
|
6131 | 6131 | "targets": null,
|
6132 |
| - "mod_time": "2023-03-09 02:09:29 +0000", |
| 6132 | + "mod_time": "2024-04-02 15:29:47 +0000", |
6133 | 6133 | "path": "/modules/auxiliary/admin/kerberos/get_ticket.rb",
|
6134 | 6134 | "is_install_path": true,
|
6135 | 6135 | "ref_name": "admin/kerberos/get_ticket",
|
|
6528 | 6528 | }
|
6529 | 6529 | ]
|
6530 | 6530 | },
|
| 6531 | + "auxiliary_admin/ldap/shadow_credentials": { |
| 6532 | + "name": "Shadow Credentials", |
| 6533 | + "fullname": "auxiliary/admin/ldap/shadow_credentials", |
| 6534 | + "aliases": [ |
| 6535 | + |
| 6536 | + ], |
| 6537 | + "rank": 300, |
| 6538 | + "disclosure_date": null, |
| 6539 | + "type": "auxiliary", |
| 6540 | + "author": [ |
| 6541 | + "Elad Shamir", |
| 6542 | + "smashery" |
| 6543 | + ], |
| 6544 | + "description": "This module can read and write the necessary LDAP attributes to configure a particular account with a\n Key Credential Link. This allows weaponising write access to a user account by adding a certificate\n that can subsequently be used to authenticate. In order for this to succeed, the authenticated user\n must have write access to the target object (the object specified in TARGET_USER).", |
| 6545 | + "references": [ |
| 6546 | + "URL-https://posts.specterops.io/shadow-credentials-abusing-key-trust-account-mapping-for-takeover-8ee1a53566ab", |
| 6547 | + "URL-https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/shadow-credentials" |
| 6548 | + ], |
| 6549 | + "platform": "", |
| 6550 | + "arch": "", |
| 6551 | + "rport": 389, |
| 6552 | + "autofilter_ports": [ |
| 6553 | + |
| 6554 | + ], |
| 6555 | + "autofilter_services": [ |
| 6556 | + |
| 6557 | + ], |
| 6558 | + "targets": null, |
| 6559 | + "mod_time": "2024-04-09 07:53:26 +0000", |
| 6560 | + "path": "/modules/auxiliary/admin/ldap/shadow_credentials.rb", |
| 6561 | + "is_install_path": true, |
| 6562 | + "ref_name": "admin/ldap/shadow_credentials", |
| 6563 | + "check": false, |
| 6564 | + "post_auth": true, |
| 6565 | + "default_credential": false, |
| 6566 | + "notes": { |
| 6567 | + "Stability": [ |
| 6568 | + |
| 6569 | + ], |
| 6570 | + "SideEffects": [ |
| 6571 | + "config-changes" |
| 6572 | + ], |
| 6573 | + "Reliability": [ |
| 6574 | + |
| 6575 | + ] |
| 6576 | + }, |
| 6577 | + "session_types": false, |
| 6578 | + "needs_cleanup": false, |
| 6579 | + "actions": [ |
| 6580 | + { |
| 6581 | + "name": "ADD", |
| 6582 | + "description": "Add a credential to the account" |
| 6583 | + }, |
| 6584 | + { |
| 6585 | + "name": "FLUSH", |
| 6586 | + "description": "Delete all certificate entries" |
| 6587 | + }, |
| 6588 | + { |
| 6589 | + "name": "LIST", |
| 6590 | + "description": "Read all credentials associated with the account" |
| 6591 | + }, |
| 6592 | + { |
| 6593 | + "name": "REMOVE", |
| 6594 | + "description": "Remove matching certificate entries from the account object" |
| 6595 | + } |
| 6596 | + ] |
| 6597 | + }, |
6531 | 6598 | "auxiliary_admin/ldap/vmware_vcenter_vmdir_auth_bypass": {
|
6532 | 6599 | "name": "VMware vCenter Server vmdir Authentication Bypass",
|
6533 | 6600 | "fullname": "auxiliary/admin/ldap/vmware_vcenter_vmdir_auth_bypass",
|
|