https://zachgrace.com/tags/kali/Recent content in Kali on Zach GraceHugoen-usSun, 14 Dec 2014 00:00:00 +0000https://zachgrace.com/posts/exploiting-ms14-068/Sun, 14 Dec 2014 00:00:00 +0000https://zachgrace.com/posts/exploiting-ms14-068/<p>Here’s a quick writeup of exploiting MS14-068 using <a href="https://github.com/bidord/pykek">PyKEK</a> and <a href="https://www.kali.org/">Kali</a>.</p> <h2 id="kali-prepwork">Kali Prepwork</h2> <h3 id="install-and-configure-kerberos">Install and Configure Kerberos</h3> <p>Install kerberos:</p> <p><code>apt-get install krb5-user krb5-config</code></p> <p>Create relevant kerberos config changes in <code>/etc/krb5.conf</code>:</p> <pre>[libdefaults] default_realm = pwn3d.local [realms] pwn3d.local = { kdc = dc1.pwn3d.local admin_server = dc1.pwn3d.local default_domain = pwn3d.local }</pre> <p>Point DNS to the DNS Server/domain controller so SRV records (e.g. _kerberos._tcp.*) will resolve correctly in <code>/etc/resolv.conf</code>.</p> <p>According to the TrustedSec <a href="https://www.trustedsec.com/december-2014/ms14-068-full-compromise-step-step/">blog</a>, you&rsquo;ll need to sync time with the domain controller. During my testing I didn&rsquo;t perform any syncing and had no issues.</p>