CVE-2021-42278 PoC — Active Directory Domain Services Elevation of Privilege Vulnerability

Source

Associated Vulnerability

Description

Detection script for CVE-2021-42278 and CVE-2021-42287

Readme

## About

Detection script for CVE-2021-42278 and CVE-2021-42287

## Usage
```
The detection script uses the domain account credentials to determine the possibility of the vulnerabilities.

usage: noPac-detection.py [-h] [-debug] -dc-ip <IP address> -targetUser <Target Username> credentials

optional arguments:
  -h, --help            show this help message and exit
  -debug                Turn DEBUG output ON

mandatory:
  -dc-ip <IP address>   IP of the domain controller to use. Useful if you can't translate the FQDN.specified in the
                        account parameter will be used
  -targetUser <Target Username>
                        The target user to retrieve the PAC of
  credentials           domain/username[:password]. Valid domain credentials to use for grabbing targetUser's PAC

```
>Note: All mandatory values are necessary for the script to function, supportes debug mode,the TargetUser can be any domain connected user account, always set domain as domain.local For Ex: megacorp.local, cars.local etc.,

***
### Examples:

+  `$ python noPac-detection.py MARVEL.local/pparker:P#%DG323c89 -targetUser fcastle -dc-ip 192.168.10.13`
![1.png](./resources/image.png)

***

File Snapshot

 [4.0K]  /data/pocs/6ca63b5f4022ed8de769fc5217a02064a5a487d3
├── [5.7K]  noPac-detection.py
├── [1.2K]  README.md
├── [  26]  Requirements.txt
└── [4.0K]  resources
    └── [ 31K]  image.png

1 directory, 4 files

Remarks