In a Windows Active Directory environment, PAC stands for Privilege Attribute Certificate, a structure that stores information about the user's privileges, permissions and groups. When it is sent to the key distribution center it gets signed with a secret key, and the user's privileges are determined based on it.

MS14-068 is a vulnerability that affects the PAC component and impacted Windows Server 2012 R2 and prior versions. It allows an attacker to create a forged PAC claiming administrative privileges and send it to the Kerberos key distribution center, which then logs the attacker in as the domain admin.

In this post, we covered the privilege attribute certificate vulnerability that affected Windows Server 2012 R2 and previous versions. We used HackTheBox Mantis as lab material for demonstration.

Using Impacket tools, specifically goldenPac.py, we can craft a command such as the one below to gain a shell with administrative privileges:

python goldenPac.py -dc-ip [ip] -target-ip [ip] DC-domain-name/username@target-computer-name
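
Seen from the domain controller's side, a forged-PAC attempt like the one above can be triaged from the Security log. The following is an added example, not part of the original post or of Impacket: it assumes the domain controllers have the MS14-068 update installed, that Kerberos service-ticket failures (event 4769) are audited, and that a rejected forged PAC is logged with failure code 0xF (KDC_ERR_SUMTYPE_NOSUPP). The function names, the record layout and every sample event are constructed for illustration.

```python
# Added example: triage event 4769 failures that indicate a rejected forged PAC.
# Assumption: patched DCs log the rejection with Status 0xF; sample data is constructed.
from collections import defaultdict

SUMTYPE_NOSUPP = 0xF  # Kerberos error 15, KDC_ERR_SUMTYPE_NOSUPP

# Constructed records shaped like the EventData of exported Security events.
SAMPLE_EVENTS = [
    {"EventID": 4769, "TargetUserName": "svc_web@LAB.LOCAL", "ServiceName": "FILE01$",
     "IpAddress": "::ffff:10.0.0.20", "Status": "0x0"},    # normal ticket request
    {"EventID": 4769, "TargetUserName": "james@LAB.LOCAL", "ServiceName": "krbtgt",
     "IpAddress": "::ffff:10.0.0.50", "Status": "0xF"},    # rejected checksum type
    {"EventID": 4769, "TargetUserName": "James@LAB.LOCAL", "ServiceName": "krbtgt",
     "IpAddress": "::ffff:10.0.0.50", "Status": "0xf"},    # same source, retry
    {"EventID": 4769, "TargetUserName": "anna@LAB.LOCAL", "ServiceName": "SQL01$",
     "IpAddress": "::ffff:10.0.0.31", "Status": "0x1B"},   # unrelated failure
    {"EventID": 4624, "TargetUserName": "anna", "IpAddress": "10.0.0.31"},
    {"EventID": 4769, "TargetUserName": "bob@LAB.LOCAL", "ServiceName": "krbtgt",
     "IpAddress": "-", "Status": ""},                      # malformed record
]

def normalize_ip(addr):
    """Strip the IPv4-mapped IPv6 prefix that Windows writes in IpAddress."""
    return addr[7:] if addr.lower().startswith("::ffff:") else addr

def find_forged_pac_attempts(events):
    """Return {(account, source_ip): [service names]} for 4769 failures with 0xF."""
    hits = defaultdict(list)
    for ev in events:
        if ev.get("EventID") != 4769:
            continue
        try:
            status = int(str(ev.get("Status", "")), 16)
        except ValueError:
            continue  # missing or malformed status: skip rather than guess
        if status == SUMTYPE_NOSUPP:
            account = ev.get("TargetUserName", "?").lower()
            source = normalize_ip(ev.get("IpAddress", "?"))
            hits[(account, source)].append(ev.get("ServiceName", "?"))
    return dict(hits)

if __name__ == "__main__":
    for (account, ip), services in find_forged_pac_attempts(SAMPLE_EVENTS).items():
        print(f"review: {account} from {ip}, {len(services)} rejected request(s): {services}")
```

The update that closes this hole is KB3011780; on domain controllers without it the forged PAC is accepted, so this failure event is not a usable signal there.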

Video Walk-through

https://www.youtube.com/watch?v=bssumP9n5Tk