code-scan starred WebclientServiceScanner
2021-08-01 23:01:11 Author: github.com(查看原文) 阅读量:32 收藏

Example

Python tool to Check running WebClient services on multiple targets based on @tifkin_ idea.

This tool uses impacket project.

Usage

webclientservicescanner hackn.lab/user:[email protected]/24

Provided credentials will be tested against a domain controller before scanning so that a typo in the domain/username/password won't lock out the account. If you want to bypass this check, just use -no-validation flag.

Exploitation

Green entries mean that WebDav client is active on remote host. Using PetitPotam or PrinterBug, an HTTP authentication can be coerced and relayed to LDAP(S) on domain controllers. This relay can use RBCD or KeyCredentialLink abuse to compromise relayed host.

For more info about relaying, you can check out https://en.hackndo.com/ntlm-relay/


文章来源: https://github.com/Hackndo/WebclientServiceScanner
如有侵权请联系:admin#unsafe.sh