Skip to content

Commit 149d641

Browse files
committed
Fixing linter errors
1 parent 3de72a8 commit 149d641

1 file changed

Lines changed: 4 additions & 2 deletions

File tree

  • submissions/description/active_directory/kerberos_abuse

submissions/description/active_directory/kerberos_abuse/template.md

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,14 @@
1-
Kerberos is the default authentication protocol in Active Directory environments. Misconfigurations such as unconstrained delegation, weak service account passwords with registered SPNs, and disabled preauthentication each provide a distinct attack path. An attacker can exploit these weaknesses to extract Ticket Granting Tickets from delegated servers, crack service ticket encryption offline to recover service account passwords, or request AS-REP hashes for accounts without preauthentication.
1+
Kerberos is the default authentication protocol in Active Directory environments. Misconfigurations such as unconstrained delegation, weak service account passwords with registered SPNs, and disabled pre-authentication each provide a distinct attack path. An attacker can exploit these weaknesses to extract Ticket Granting Tickets from delegated servers, crack service ticket encryption offline to recover service account passwords, or request AS-REP hashes for accounts without pre-authentication.
22

33
**Business Risk**
44

55
Kerberos abuse can result in credential theft, privilege escalation, and full domain compromise depending on the specific misconfiguration. This could result in financial losses, damage to the organization's reputation, and erosion of customer trust, especially if sensitive customer information is compromised.
66

77
**Steps to Reproduce**
88

9-
<Provide numbered steps to reproduce this issue in the context of the in-scope domain>
9+
1. Enumerate the Kerberos misconfiguration in {{domain_name}} using {{enumeration_tool}} against {{domain_controller}}
10+
1. Identify the target account or system at {{target}} with {{kerberos_weakness}}
11+
1. Exploit the identified weakness using {{exploitation_tool}} to obtain {{ticket_or_hash}}
1012

1113
**Proof of Concept (PoC)**
1214

0 commit comments

Comments
 (0)