Related vulnerability
Title:
Microsoft Windows Kerberos security vulnerability
(CVE-2024-20674)
Description: Microsoft Windows Kerberos is software from Microsoft Corporation (United States) used for authentication within a network cluster. Kerberos is also a network authentication protocol whose design goal is to provide strong authentication services for client/server applications through a key system. A security vulnerability exists in Microsoft Windows Kerberos. An attacker can exploit it to bypass certain features. The following products and versions are affected: Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows
Introduction
# CVE-2024-20674
This is my take on an exploit of the public CVE CVE-2024-20674 to achieve a Kerberos mutual authentication bypass using a logic bug in the client-side handling of Kerberos U2U TGT-REP.
This can be used, for instance, to serve arbitrary GPOs when spoofing the DC to a client, and take control of a machine.
**Prerequisites**: network man-in-the-middle, unauthenticated.
### Explanation of the exploit in this paper
https://www.sstic.org/2025/presentation/l_outillage_reseau_windows_une_affaire_d_implementation/
### Demo
https://github.com/user-attachments/assets/6dc25e26-b42a-41a0-bc73-8fc4a0a0c5ee
### Warning
The demo/ folder contains GPOs that will probably destroy the client configuration (add the guest user to Administrators, disable UAC, disable the firewall).
File snapshot
[4.0K] /data/pocs/739c5940514475f713668e382cc31e029528a024
├── [4.0K] demo
│ └── [4.0K] domain.local
│ └── [4.0K] Policies
│ └── [4.0K] {31B2F340-016D-11D2-945F-00C04FB984F9}
│ ├── [ 27] gpt.ini
│ └── [4.0K] Machine
│ ├── [4.0K] Microsoft
│ │ └── [4.0K] Windows NT
│ │ └── [4.0K] SecEdit
│ │ └── [1.8K] GptTmpl.inf
│ ├── [3.5K] registry.pol
│ └── [4.0K] Scripts
│ └── [ 0] scripts.ini
├── [6.0M] demo_video.mp4
├── [7.8K] exploit.py
└── [ 783] README.md
9 directories, 7 files