In a Windows Active Directory environment, PAC stands for Privilege Attribute Certificate, a structure that stores information about the user's privileges, permissions and groups. When it's sent to the key distribution center, it gets signed with a secret key, and the user's privileges are determined based on that.

MS14-068 is a vulnerability that affects the PAC component and impacted Windows Server 2012 R2 and prior versions. It allows an attacker to create a forged PAC with administrative privileges and send it to the Kerberos key distribution center, which then logs the attacker in as the domain admin.
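An added example, not part of the original post: a simplified Python model of PAC checksum validation, showing a verifier that accepts any known checksum type beside one that accepts only key-dependent checksums. The PAC string, the key and all function names are constructed for illustration; the model relies on the publicly documented root cause of MS14-068, that the KDC accepted PAC checksums which do not depend on a secret key.

```python
import hashlib
import hmac

# Constructed values for illustration only; not a real PAC layout or KDC key.
KDC_KEY = b"constructed-krbtgt-key"

# Checksum types grouped by whether the result depends on the secret key.
KEYED = {"hmac-md5": lambda key, data: hmac.new(key, data, hashlib.md5).digest()}
UNKEYED = {"md5": lambda key, data: hashlib.md5(data).digest()}


def sign_pac(pac, key=KDC_KEY):
    """KDC side: attach a keyed checksum over the PAC bytes."""
    return "hmac-md5", KEYED["hmac-md5"](key, pac)


def verify_weak(pac, alg, checksum, key=KDC_KEY):
    """Flawed model: any recognised checksum type is accepted, keyed or not."""
    func = {**KEYED, **UNKEYED}.get(alg)
    return func is not None and hmac.compare_digest(func(key, pac), checksum)


def verify_strict(pac, alg, checksum, key=KDC_KEY):
    """Hardened model: only checksums that depend on the KDC key are accepted."""
    func = KEYED.get(alg)
    return func is not None and hmac.compare_digest(func(key, pac), checksum)


def demo():
    """Run the four cases and return whether each PAC was accepted."""
    genuine = b"user=alice;groups=513"      # constructed stand-in for a PAC
    alg, sig = sign_pac(genuine)
    altered = b"user=alice;groups=512"      # group list changed without the key
    unkeyed = hashlib.md5(altered).digest()  # needs no secret to compute
    return {
        "genuine_strict": verify_strict(genuine, alg, sig),
        "altered_old_sig_strict": verify_strict(altered, alg, sig),
        "altered_unkeyed_weak": verify_weak(altered, "md5", unkeyed),
        "altered_unkeyed_strict": verify_strict(altered, "md5", unkeyed),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The only difference between the two verifiers is the allow-list of checksum types, which is why the integrity of the PAC depends on rejecting every algorithm that can be computed without the key.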

In this post, we covered the Privilege Attribute Certificate vulnerability that affected Windows Server 2012 R2 and previous versions. We used HackTheBox Mantis as lab material for demonstration.

Using Impacket tools and specifically we can craft a command such as the one below to gain a shell with administrative privileges:

python -dc-ip [ip] -target-ip [ip] DC-domain-name/username@target-computer-name

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.