Jump to content

Recommended Posts

Posted

This is a challenge to whomever will take it (I've noticed some OPs languishing for lack of ideas, but I'm an OP languishing for lack of skill).

After seeing the capabilities of Ian Haken's BlueBox (https://github.com/JackOfMostTrades/bluebox), I was inspired to find a way to port it or remake it for the Bash Bunny.

Seeing that Microsoft "patched" the vulnerabilities exploited by the BlueBox, I'd like to see what else could be gained by plugging a rogue DC into a locked computer. The challenge is to make a Bash Bunny payload that mimics an easily configurable domain controller to accomplish things like:

- Lockscreen bypass

- User-to-Admin Privilege Escalation

- Arbitrary registry edits via Group Policy

 

See also:

https://www.blackhat.com/docs/us-16/materials/us-16-Beery-The-Remote-Malicious-Butler-Did-It-wp.pdf

Posted

I love that the first bit of the article includes this:

"Past experience tells me that Microsoft doesn't always properly patch the vulnerabilities correctly."

I remain convinced that it is possible to make a Bash Bunny rogue DC, and that it could yield interesting insights.

Luke Jennings mentions:

"Even on Vista/2008 onwards, user settings group policy can be exploited if you know a user’s password to conduct a form of privilege escalation to gain SYSTEM on domain members. Microsoft have shown no intention thus far of providing a control to protect against this."

https://labs.mwrinfosecurity.com/blog/how-to-own-any-windows-network-with-group-policy-hijacking-attacks/

I'm amazed that there hasn't been more talk about this.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...