The Windows Active Directory authority and the MIT/Heimdal Kerberos stacks found on Linux/Unix based hosts often coexist in harmony within the same Kerberos realm.  This talk and tool demonstration will show how this marriage is a match made in hell.  Microsoft's Kerberos stack relies on non standard data to identify it's users.  MIT/Heimdal Kerberos stacks do not support this non standard way of identifying users.  We will look at how Active Directory configuration weaknesses can be abused to escalate privileges on *inux based hosts joined to the same Active Directory authority.  This will also introduce an updated version of Rubeus to take advantage of some of these weaknesses.

DEF CON (also written as DEFCON, Defcon or DC) is a hacker convention held annually in Las Vegas, Nevada. The first DEF CON took place in June 1993 and today many attendees at DEF CON include computer security professionals, journalists, lawyers, federal government employees, security researchers, students, and hackers with a general interest in software, computer architecture, hardware modification, conference badges, and anything else that can be "hacked". The event consists of several tracks of speakers about computer- and hacking-related subjects, as well as cyber-security challenges and competitions (known as hacking wargames). Contests held during the event are extremely varied, and can range from creating the longest Wi-Fi connection to finding the most effective way to cool a beer in the Nevada heat.

A Broken Marriage: Abusing Mixed Vendor Kerberos Stacks

Conference: Defcon 31

Authors: Ceri Coburn Red Team Operator & Offensive Security Dev @ Pen Test Partners

Abstract

Post a comment

Related work

Zerologon: From Zero to Domain Admin by Exploiting a Crypto Bug