logo

A Broken Marriage: Abusing Mixed Vendor Kerberos Stacks

Conference:  Defcon 31

2023-08-01

Authors:   Ceri Coburn Red Team Operator & Offensive Security Dev @ Pen Test Partners


Abstract

The Windows Active Directory authority and the MIT/Heimdal Kerberos stacks found on Linux/Unix based hosts often coexist in harmony within the same Kerberos realm. This talk and tool demonstration will show how this marriage is a match made in hell. Microsoft's Kerberos stack relies on non standard data to identify it's users. MIT/Heimdal Kerberos stacks do not support this non standard way of identifying users. We will look at how Active Directory configuration weaknesses can be abused to escalate privileges on *inux based hosts joined to the same Active Directory authority. This will also introduce an updated version of Rubeus to take advantage of some of these weaknesses.

Materials:

Post a comment