
Thanathan-k/KrbCredExport 1

Exports Kerberos KrbCred Tickets for use in Mimikatz/Beacon from a Kerberos CCache File

Thanathan-k/EyeWitness 0

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

Thanathan-k/LaTeXML 0

LaTeXML: a TeX and LaTeX to XML/HTML/ePub/MathML translator.

issue closed SecureAuthCorp/impacket

Feature Request: Add DCSync to ntlmrelayx.py

It would be great to have the option to use DCSync with ntlmrelayx.py in case we are able to catch and relay a user with the corresponding rights.

closed time in 3 months

Thanathan-k

issue comment SecureAuthCorp/impacket

Feature Request: Add DCSync to ntlmrelayx.py

@dirkjanm Thank you for the information! I wasn't aware of that. Seems like I should have delved deeper into the protocols, instead of only trying to figure out the impacket code.

Closing the issue then.

Thanathan-k

comment created time in 3 months

issue comment SecureAuthCorp/impacket

Feature Request: Add DCSync to ntlmrelayx.py

Hey. Thanks for your answers @ShutdownRepo and @0xdeaddood. However, I knew of these functionalities already. I'm talking about a situation where a domain controller has no signing enforced, and I am able to trigger an authentication of one of the domain controllers to myself (for example with dementor/the printer bug). In this case the domain controller account should have DCSync rights. Since secretsdump is able to exploit this right (see earlier exploits with the Exchange servers and granting a user DCSync rights using -escalate-user and afterwards using secretsdump to get the password hashes), I guess it should also be possible to directly use this functionality of secretsdump within ntlmrelayx instead of trying to dump the local hashes, therefore not requiring administrative privileges.

I've already tried to implement it myself and will continue to do so; however, people already familiar with the code might get it done faster, so I thought asking here couldn't hurt :)

Thanathan-k

comment created time in 3 months

issue opened SecureAuthCorp/impacket

Feature Request: Add DCSync to ntlmrelayx.py

It would be great to have the option to use DCSync with ntlmrelayx.py in case we are able to catch and relay a user with the corresponding rights.

created time in 3 months