Tuesday 29 July 2014

Windows Gather Group Policy Preference Saved Passwords

Hi All,

Thought I would put up a post about an exploit that has been rearing its head recently. It has to do with the way Group Policy Preferences stores credentials for local users and groups, services and scheduled tasks, and it is tracked as MS14-025. Now, MS have done a great job of encrypting the passwords in group policy, but a terrible job of keeping the private key secret :-P... Below is a short example of how you can use the gpp meterpreter module in metasploit to exploit this.

This exploit was run on the DC but can be used in other places if necessary. I will work on a python script soon to extract the value out of the xml file and then decrypt it.

First, let's create a new user.

Let's run the exploit to get a reverse handler and a meterpreter session, escalate to SYSTEM privileges with getsystem, and then background the session.

Let's use the gpp module:

use post/windows/gather/credentials/gpp
set session 2
run

The results!
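From the defender's side, the useful check is simply whether any preference item in SYSVOL still carries a cpassword attribute at all, because every one of them is recoverable once the key is public. The script below is an added example written for this post, not the author's planned python script nor part of the metasploit module: it walks a SYSVOL-style tree, opens the preference XML files that can hold a cpassword, and reports each item that has one. The file names and the per-type account attributes (userName, accountName, runAs) are assumptions based on the preference extension's own XML, the sample Groups.xml is constructed, and the cpassword and GUID values in it are placeholders.

```python
"""Audit SYSVOL-style Group Policy Preference files for stored cpassword values.

Added example: walks a directory tree looking for the GPP XML files that can
carry a cpassword attribute and reports every item that still has one so it can
be removed. It deliberately does not decrypt anything; the finding is the
presence of the stored credential itself.
"""
import os
import tempfile
import xml.etree.ElementTree as ET

# GPP XML files that can contain a cpassword attribute (assumed set: local
# users/groups, services, scheduled tasks, data sources, mapped drives, printers).
GPP_FILES = {"Groups.xml", "Services.xml", "ScheduledTasks.xml",
             "DataSources.xml", "Drives.xml", "Printers.xml"}

# Attribute naming the account the stored password belongs to; it differs per
# preference type (assumed: userName for local users, accountName for services,
# runAs for scheduled tasks, username for data sources).
ACCOUNT_ATTRS = ("userName", "accountName", "runAs", "username")

# Constructed sample Groups.xml. The cpassword and uid values are placeholders,
# not real encrypted material. The second user has an empty cpassword and must
# not be reported.
SAMPLE_GROUPS_XML = """<?xml version="1.0" encoding="utf-8"?>
<Groups>
  <User name="localadmin" image="2" changed="2014-07-29 10:00:00" uid="{PLACEHOLDER-UID}">
    <Properties action="U" newName="" fullName="" description=""
        cpassword="PLACEHOLDER_BASE64_CPASSWORD" changeLogon="0" noChange="1"
        neverExpires="1" acctDisabled="0" userName="localadmin"/>
  </User>
  <User name="svc_nopass" image="2" changed="2014-07-29 10:05:00" uid="{PLACEHOLDER-UID-2}">
    <Properties action="U" cpassword="" userName="svc_nopass"/>
  </User>
</Groups>
"""


def find_cpasswords(xml_text, source="<string>"):
    """Return one finding dict per preference item carrying a non-empty cpassword."""
    findings = []
    root = ET.fromstring(xml_text)
    for item in root.iter():
        props = item.find("Properties")
        if props is None or not props.get("cpassword"):
            continue
        account = next((props.get(a) for a in ACCOUNT_ATTRS if props.get(a)),
                       item.get("name"))
        findings.append({
            "source": source,
            "type": item.tag,        # User, Group, Service, Task, ...
            "account": account,
            "cpassword": props.get("cpassword"),
        })
    return findings


def scan_sysvol(root_dir):
    """Walk a SYSVOL (or Policies) tree and collect cpassword findings from every GPP file."""
    findings = []
    for dirpath, _, filenames in os.walk(root_dir):
        for name in filenames:
            if name not in GPP_FILES:
                continue
            path = os.path.join(dirpath, name)
            # GPP files are written as UTF-8 with a BOM; utf-8-sig strips it.
            with open(path, encoding="utf-8-sig") as fh:
                try:
                    findings.extend(find_cpasswords(fh.read(), path))
                except ET.ParseError as exc:
                    # A file we could not parse is still worth a manual look.
                    findings.append({"source": path, "type": "ParseError",
                                     "account": None, "cpassword": None,
                                     "error": str(exc)})
    return findings


def demo():
    """Build a throwaway SYSVOL-like tree holding the sample file and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        gpo_dir = os.path.join(tmp, "Policies", "{PLACEHOLDER-GPO-GUID}",
                               "Machine", "Preferences", "Groups")
        os.makedirs(gpo_dir)
        with open(os.path.join(gpo_dir, "Groups.xml"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_GROUPS_XML)
        return scan_sysvol(tmp)


if __name__ == "__main__":
    for f in demo():
        print(f"{f['source']}: {f['type']} '{f['account']}' still has a cpassword set")
```

Point scan_sysvol at the Policies folder of your domain's SYSVOL share; every finding is a preference item whose stored password should be removed from the GPO and then reset on the affected hosts, which is the only real fix once the key is known.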

