I like making computers misbehave. Does stuff at https://t.co/QNnNEUAP6n.
Jul 24, 2021 • 7 tweets • 3 min read
AD CS HTTP endpoint not available to abuse ESC8 with #PetitPotam? WebDAV + NTLM relay to LDAP is an option (use the forward slash trick). WebDAV abuse comes with constraints, the largest being that the WebClient service does not run by default on workstations/servers.
For local priv esc on workstations, you can start the WebClient service using a @tiraniddo trick: tiraniddo.dev/2015/03/starti…
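A defender-side audit of the two conditions this thread depends on, as an added example that is not part of the original thread: whether the WebClient service is able to start on a host, and whether a domain controller enforces LDAP signing and channel binding. The function names are hypothetical, and the registry values are the standard Microsoft LDAP hardening settings, which the thread itself does not mention.

```powershell
# Added example (defensive audit); function names are hypothetical.
# Run locally on each host, elevated if registry reads are restricted.

function Get-WebClientExposure {
    # A stopped WebClient service can still be started unless its start type
    # is Disabled, so report the start type as well as the current status.
    $svc = Get-Service -Name WebClient -ErrorAction SilentlyContinue
    if (-not $svc) {
        return [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME; Installed = $false
            Status = $null; StartType = $null; CanStart = $false
        }
    }
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Installed    = $true
        Status       = $svc.Status
        StartType    = $svc.StartType
        CanStart     = ($svc.StartType -ne 'Disabled')
    }
}

function Get-LdapRelayHardening {
    # Only domain controllers have this key; return nothing on other hosts.
    $ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    if (-not (Test-Path $ntds)) { return }
    $p = Get-ItemProperty -Path $ntds
    # LDAPServerIntegrity: 2 = require signing.
    # LdapEnforceChannelBinding: 2 = always enforce.
    # An absent value means the OS default applies; it is reported here as
    # not explicitly enforced, with the raw value shown for review.
    $signing = $p.LDAPServerIntegrity
    $binding = $p.LdapEnforceChannelBinding
    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        LDAPServerIntegrity   = $signing
        ChannelBindingSetting = $binding
        SigningRequired       = ($signing -eq 2)
        ChannelBindingAlways  = ($binding -eq 2)
        RelayHardened         = (($signing -eq 2) -and ($binding -eq 2))
    }
}

Get-WebClientExposure
Get-LdapRelayHardening
```

A host reporting `CanStart = $true` where WebDAV is not needed is a candidate for disabling the service; a domain controller reporting `RelayHardened = $false` still accepts relayed NTLM binds over LDAP or LDAPS unless the OS default enforces them.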