CRED-2 - Policy Request Credentials
Request computer policy and deobfuscate secrets
PKI certificates are not required for client authentication
Additionally, meeting any one of the requirements below is enough to perform this attack:
Domain Computer credentials
The ability to create computer objects (MachineAccountQuota)
Local administrator on an SCCM client
If you are a local administrator or running as SYSTEM on an SCCM client, you can simply request the computer policy without specifying any credentials.
If you have a password for a domain computer account, you can use it directly with SharpSCCM to register a new device.
Create a new machine account with Powermad
Use SharpSCCM to request policy for the new account
This will create a device object within SCCM. When on an engagement, ensure that the client is informed, and request that the object be deleted once completed.