thr3ads.net - samba - [Samba] Using samba4 to escalate privs. [Sep 2010]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Johan Akerstrom

2010-Sep-03 14:06 UTC

[Samba] Using samba4 to escalate privs.

Ye ol' sidHistory edit attack in new disguise using samba4. I don't
think
you can consider it to be a hack but I had a lot of fun playing about with
ldbedit. Samba4 is wikked, it really opens up AD, I had a lot of fun setting
it up. Check my blogg for my little sidHistory priv escalation tutorial
(domain admin to enterprise admin).

http://cosmoskey.blogspot.com/2010/08/online-sidhistory-edit-sid-injection.html
<http://cosmoskey.blogspot.com/2010/08/online-sidhistory-edit-sid-injection.html>
Enjoy! :)

Regards,

Johan Akerstrom

Possibly Parallel Threads

'allow trusted domains = no' and sidhistory = bad
Winbind rid + SID History creating duplicate per-user groups
winbind, sIDHistory and getpwuid problems
Is SKYPE a threat orshould wedo something(together)
Conflicts between RIDs from historical domain SIDs

Search for more apparently analagous threads

samba - Sep 2010 - Using samba4 to escalate privs.

[Samba] Using samba4 to escalate privs.

Possibly Parallel Threads

Wisdom of the Ancients