The noPac tool is specifically created to exploit CVE-2021-42278 and CVE-2021-42287, with the goal of impersonating a Domain Administrator (DA) from a regular domain user account. It enables attackers to abuse these vulnerabilities to escalate their privileges, potentially gaining unauthorized access and control within a Windows Active Directory environment. These vulnerabilities are known security issues that security professionals should address to prevent such exploitation.
Usage
· The tool accepts a number of authentication settings, options, and positional inputs.
· Examples show how to accomplish tasks like dumping hashes, dropping a shell, and obtaining a service ticket (TGS).
· It allows you to define the target machine name, target domain NetBIOS name, target username to mimic, and more.
· Available options include a debugging mode, timestamping, requiring a password change, creating a child account, and SMB communication settings.
Examples
Get Service Ticket:
Auto Get Shell:
Dump Hash:
Scanner:
Methods for Exploitation
Method 1: Find the computer that can be modified by the current user.
Use AdFind.exe with a specific filter:
Example Exploitation:
Warning: Do not modify the password of the computer in the domain through LDAPS or SAMR, as it may break the trust relationship between the computer and the primary domain.
Method 2: Find an account with the Create Child right and use that account to exploit.
Use AdFind.exe with a specific filter:
Example Exploitation:
Detections
1. The tool relies on LDAP queries for the abuse, which on their own may not be easy to detect.
2. Detection methods could involve monitoring for unusual LDAP queries or traffic to a system.
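A defender-side illustration of the second point, added here and not part of the noPac tool: it scans constructed Windows Security event records (4781, account renamed; 4741, computer account created) for the sAMAccountName rename pattern behind CVE-2021-42278 and for computer accounts created by users other than the expected provisioning accounts (the Create Child path above). DC_NAMES, ALLOWED_JOINERS and the log lines are assumptions.

```python
import json

# Assumed values: replace with the real DC names and the accounts that are
# allowed to join computers to the domain.
DC_NAMES = {"DC01"}
ALLOWED_JOINERS = {"svc-join"}

# Constructed Windows Security event records, one JSON object per line
# (4781 = account renamed, 4741 = computer account created).
SAMPLE_LOG = """
{"EventID": 4781, "SubjectUserName": "alice", "OldTargetUserName": "WS-ALICE$", "NewTargetUserName": "DC01"}
{"EventID": 4781, "SubjectUserName": "bob", "OldTargetUserName": "LAPTOP07$", "NewTargetUserName": "LAPTOP08$"}
{"EventID": 4741, "SubjectUserName": "carol", "TargetUserName": "FAKEPC$"}
{"EventID": 4741, "SubjectUserName": "svc-join", "TargetUserName": "LAPTOP09$"}
""".strip()


def analyze_event(event):
    """Return the reasons one event looks like noPac-style abuse (empty if none)."""
    reasons = []
    eid = event.get("EventID")
    if eid == 4781:
        old = event.get("OldTargetUserName", "")
        new = event.get("NewTargetUserName", "")
        # CVE-2021-42278: a computer account's sAMAccountName loses its trailing '$'
        if old.endswith("$") and not new.endswith("$"):
            reasons.append("computer account renamed without trailing $")
        # The new name collides with a domain controller's account name
        if new.rstrip("$").upper() in DC_NAMES:
            reasons.append("new name matches a domain controller")
    elif eid == 4741:
        # Method 2 on this page: a regular user creating a child computer account
        if event.get("SubjectUserName") not in ALLOWED_JOINERS:
            reasons.append("computer account created by a non-provisioning user")
    return reasons


def scan(log_text):
    """Parse JSON-per-line events and return (actor, target, reasons) for each hit."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        reasons = analyze_event(event)
        if reasons:
            target = event.get("NewTargetUserName") or event.get("TargetUserName")
            hits.append((event.get("SubjectUserName"), target, reasons))
    return hits


if __name__ == "__main__":
    for actor, target, reasons in scan(SAMPLE_LOG):
        print(f"{actor} -> {target}: {'; '.join(reasons)}")
```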