CVE-2024-3183 PoC — Red Hat FreeIPA 安全漏洞

Source

https://github.com/Cyxow/CVE-2024-3183-POC

Associated Vulnerability

Title:Red Hat FreeIPA 安全漏洞 (CVE-2024-3183)
Description:Red Hat FreeIPA是美国红帽（Red Hat）公司的一套集成的安全信息管理解决方案。该产品主要为Linux和Unix计算机网络提供身份管理、策略管理和审计管理（IPA）等功能。 Red Hat FreeIPA存在安全漏洞，该漏洞源于攻击者可通过暴力攻击来查找密码。

Description

POC for CVE-2024-3183 (FreeIPA Rosting)

Readme

# CVE-2024-3183-POC
POC for CVE-2024-3183 (FreeIPA Rosting)

Impact:
A low-privileged user can obtain a hash of the passwords of all domain users and perform offline brute force (kerberoasting).

## POC:
1) First, let's request a TGT ticket for an already compromised user "admin".
![foto1](https://github.com/user-attachments/assets/c7935c7f-d978-4e34-b309-eba1c2d9c7db)
2) Secondly, we will find out the salt of the "admin" user:
![foto2](https://github.com/user-attachments/assets/32a7b926-ed49-4a4f-81b6-91e06a86c04a)
3) Get TGS for "admin":

![foto](https://github.com/user-attachments/assets/71f31595-ca1b-492d-8ef4-98071c11e85b)
![foto3](https://github.com/user-attachments/assets/6b4bcc3a-3b2d-4b5f-abf9-dd69853b844c)
5) Use python script (or hashcat mod 19800 with specific salt) for brute force TGS
![foto4](https://github.com/user-attachments/assets/6fb2983a-cd93-4858-8f87-93cde0a7c20e)

1 - TGS,
2 - SALT,
3 - Passwords.

5) Congratulations, we now have the user password “admin”.

File Snapshot


 [4.0K]  /data/pocs/47e3d22332e6bf3433bf8befcbf7ecc05d8b1a60
├── [ 26K]  crypto.py
├── [3.2K]  main.py
└── [ 998]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!