You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've had success in the past exploiting ESC8, but I recently came across an Apache Solr instance that is vulnerable to SMB coercion. When setting up the relay command for ESC8 nothing ever comes through.
The instance attempts to connect to my machine without credentials if I run the following command:
impacket-smbserver -smb2support share share
However when I force authentication (which certipy has no option built-in to do this), I get the machine hash multiple times:
I've had success in the past exploiting ESC8, but I recently came across an Apache Solr instance that is vulnerable to SMB coercion. When setting up the relay command for ESC8 nothing ever comes through.
The instance attempts to connect to my machine without credentials if I run the following command:
However when I force authentication (which certipy has no option built-in to do this), I get the machine hash multiple times:
I can also automatically receive the hash with Responder.
Any way Certipy could be modified to force authentication from SMB coercion?
The text was updated successfully, but these errors were encountered: