PenTest – Active Directory – Tricks
Kerberos Clock Synchronization
In Kerberos, time is used to ensure that tickets are valid. To achieve this, the clocks of all Kerberos clients and servers in a realm must be synchronized to within a certain tolerance. The default clock skew tolerance in Kerberos is 5 minutes, which means that the difference in time between the clocks of any two Kerberos entities should be no more than 5 minutes.
- Detect clock skew automatically with nmap
- Compute the difference between the clocks yourself
- Fix #1: Modify your clock
- Fix #2: Fake your clock
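Computing the difference by hand, as an added example that is not part of the original page: it parses an SNTP reply, derives the offset between the server clock and the local clock, and compares it with the 5-minute default. It assumes the Kerberos server also answers SNTP on UDP/123; the function names and the sample reply are constructed for illustration.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
KERBEROS_MAX_SKEW = 300       # default tolerance stated above: 5 minutes

def ntp_to_unix(seconds, fraction):
    """Convert a 32.32 fixed-point NTP timestamp to Unix time."""
    return seconds - NTP_EPOCH_DELTA + fraction / 2**32

def clock_offset(response, t_sent, t_received):
    """Server clock minus local clock, in seconds, from one SNTP reply.
    t_sent / t_received: local Unix time when the request left / reply arrived."""
    if len(response) < 48:
        raise ValueError("short SNTP response")
    if response[0] & 0x07 != 4:          # mode 4 = server
        raise ValueError("not a server reply")
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!4I", response[32:48])
    if tx_s == 0:
        raise ValueError("server reports no time")
    t2 = ntp_to_unix(rx_s, rx_f)         # server received the request
    t3 = ntp_to_unix(tx_s, tx_f)         # server sent the reply
    # Standard NTP offset: averages out the network delay in each direction.
    return ((t2 - t_sent) + (t3 - t_received)) / 2

def within_kerberos_tolerance(offset, max_skew=KERBEROS_MAX_SKEW):
    return abs(offset) <= max_skew

def query(host, timeout=3.0):
    """Live measurement over UDP/123; assumes `host` answers SNTP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t_sent = time.time()
        s.sendto(b"\x1b" + 47 * b"\x00", (host, 123))   # LI=0, VN=3, mode 3 (client)
        data, _ = s.recvfrom(512)
        return clock_offset(data, t_sent, time.time())

def sample_response(server_unix):
    """Constructed reply (not captured traffic) stamped with server_unix."""
    sec = int(server_unix) + NTP_EPOCH_DELTA
    return b"\x1c" + 31 * b"\x00" + struct.pack("!4I", sec, 0, sec, 0)

if __name__ == "__main__":
    local = 1_700_000_000.0                      # constructed local clock reading
    for ahead in (420, -120):
        off = clock_offset(sample_response(local + ahead), local, local)
        print(f"offset {off:+.0f}s within tolerance: {within_kerberos_tolerance(off)}")
```

A positive offset means the server clock is ahead of the local one; anything beyond 300 seconds in either direction falls outside the default tolerance.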