Have you ever wanted to know how the MS-RPRN Print Spooler service can lead to local admin? Do you know what Microsoft EFS is? This will be a live demo of coerced authentication resulting in a silver ticket, which can be used to get domain admin. The demo will show how both Print Spooler and PetitPotam can be abused in modern environments, and why NTLMv1 guarantees compromise. Cracking with Hashcat and crack.sh will be covered, as well as NTLMv2 relay without MIC protections.