In a Windows Active Directory environment, PAC stands for Privilege Attribute Certificate, a structure that stores information about the user's privileges, permissions and groups. When it is sent to the Key Distribution Center (KDC), it is signed with a secret key, and the user's privileges are determined based on it.

MS14-068 is a vulnerability that affects the PAC component and impacted Windows Server 2012 R2 and prior versions. It allows an attacker to create a forged PAC with administrative privileges and send it to the Kerberos Key Distribution Center, which then logs the attacker in as a domain admin.
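Why the signature has to be keyed, as an added example that is not code from the original post or from Impacket: the publicly documented root cause of MS14-068 is that the KDC accepted checksum types that do not depend on a secret key. The sketch uses a simplified model (a PAC as plain bytes, a constructed key, hypothetical function names), not the real PAC encoding.

```python
import hashlib
import hmac

# Simplified model: a real PAC is a binary structure carrying server and KDC
# signatures. Here it is plain bytes plus a (checksum_type, checksum) pair.
KEYED_TYPES = {"hmac-sha1"}  # can only be produced with the secret key

# Constructed demo key (assumption), standing in for the KDC's secret.
KDC_KEY = b"constructed-demo-key-not-a-real-kdc-key"


def compute(checksum_type, data, key):
    if checksum_type == "hmac-sha1":
        return hmac.new(key, data, hashlib.sha1).digest()
    if checksum_type == "md5":
        return hashlib.md5(data).digest()  # key ignored: no secret involved
    raise ValueError(f"unknown checksum type: {checksum_type}")


def verify_lenient(pac, checksum_type, checksum, key):
    """Flawed check: trusts whatever checksum type the sender declares."""
    return hmac.compare_digest(compute(checksum_type, pac, key), checksum)


def verify_strict(pac, checksum_type, checksum, key):
    """Hardened check: only keyed checksum types count as a signature."""
    if checksum_type not in KEYED_TYPES:
        return False
    return hmac.compare_digest(compute(checksum_type, pac, key), checksum)


def demo():
    genuine = b"user=alice;groups=Domain Users"
    genuine_sig = compute("hmac-sha1", genuine, KDC_KEY)
    # Constructed altered PAC: its checksum needs no knowledge of KDC_KEY.
    altered = b"user=alice;groups=Domain Admins"
    altered_sig = compute("md5", altered, b"")
    return {
        "genuine_strict": verify_strict(genuine, "hmac-sha1", genuine_sig, KDC_KEY),
        "altered_lenient": verify_lenient(altered, "md5", altered_sig, KDC_KEY),
        "altered_strict": verify_strict(altered, "md5", altered_sig, KDC_KEY),
    }


if __name__ == "__main__":
    print(demo())
```

The lenient verifier accepts the altered PAC because its checksum can be computed without the key, while the strict verifier rejects it and still accepts the genuinely signed one.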

In this post, we covered the privilege attribute certificate vulnerability that affected Windows Server 2012 R2 and previous versions. We used HackTheBox Mantis as lab material for the demonstration.



Using the Impacket tools, specifically goldenPac.py, we can craft a command such as the one below to gain a shell with administrative privileges:

python goldenPac.py -dc-ip [ip] -target-ip [ip] DC-domain-name/username@target-computer-name


About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by Motasem Hamdan, who is a cybersecurity content creator and YouTuber.
