[Payload Request / Challenge] BlueBox Remake

[HerrDoktor]

This is a challenge to whomever will take it (I've noticed some OPs languishing for lack of ideas, but I'm an OP languishing for lack of skill).

After seeing the capabilities of Ian Haken's BlueBox (https://github.com/JackOfMostTrades/bluebox), I was inspired to find a way to port it or remake it for the Bash Bunny.

Seeing that Microsoft "patched" the vulnerabilities exploited by the BlueBox, I'd like to see what else could be gained by plugging a rogue DC into a locked computer. The challenge is to make a Bash Bunny payload that mimics an easily configurable domain controller to accomplish things like:

- Lockscreen bypass

- User-to-Admin Privilege Escalation

- Arbitrary registry edits via Group Policy

 

See also:

https://www.blackhat.com/docs/us-16/materials/us-16-Beery-The-Remote-Malicious-Butler-Did-It-wp.pdf

[illwill]

Violation of CoC

Edited October 8, 2017 by illwill
Violation of CoC

[HerrDoktor]

I love that the first bit of the article includes this:

"Past experience tells me that Microsoft doesn't always properly patch the vulnerabilities correctly."

I remain convinced that it is possible to make a Bash Bunny rogue DC, and that it could yield interesting insights.

Luke Jennings mentions:

"Even on Vista/2008 onwards, user settings group policy can be exploited if you know a user’s password to conduct a form of privilege escalation to gain SYSTEM on domain members. Microsoft have shown no intention thus far of providing a control to protect against this."

https://labs.mwrinfosecurity.com/blog/how-to-own-any-windows-network-with-group-policy-hijacking-attacks/

I'm amazed that there hasn't been more talk about this.