HerrDoktor Posted April 11, 2017

This is a challenge to whomever will take it (I've noticed some OPs languishing for lack of ideas, but I'm an OP languishing for lack of skill).

After seeing the capabilities of Ian Haken's BlueBox (https://github.com/JackOfMostTrades/bluebox), I was inspired to find a way to port it or remake it for the Bash Bunny. Seeing that Microsoft "patched" the vulnerabilities exploited by the BlueBox, I'd like to see what else could be gained by plugging a rogue DC into a locked computer.

The challenge is to make a Bash Bunny payload that mimics an easily configurable domain controller to accomplish things like:

- Lockscreen bypass
- User-to-Admin Privilege Escalation
- Arbitrary registry edits via Group Policy

See also: https://www.blackhat.com/docs/us-16/materials/us-16-Beery-The-Remote-Malicious-Butler-Did-It-wp.pdf

illwill Posted April 12, 2017 (edited)

Violation of CoC

Edited October 8, 2017 by illwill: Violation of CoC

HerrDoktor Posted April 12, 2017 (Author)

I love that the first bit of the article includes this: "Past experience tells me that Microsoft doesn't always properly patch the vulnerabilities correctly."

I remain convinced that it is possible to make a Bash Bunny rogue DC, and that it could yield interesting insights.

Luke Jennings mentions: "Even on Vista/2008 onwards, user settings group policy can be exploited if you know a user’s password to conduct a form of privilege escalation to gain SYSTEM on domain members. Microsoft have shown no intention thus far of providing a control to protect against this."

https://labs.mwrinfosecurity.com/blog/how-to-own-any-windows-network-with-group-policy-hijacking-attacks/

I'm amazed that there hasn't been more talk about this.