An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalation to SYSTEM.
PoC: CVE-2022-26923_AD-Certificate-Services
The vulnerability allowed a low-privileged user to escalate privileges to domain administrator in a default Active Directory environment with the Active Directory Certificate Services (AD CS) server role installed.
PoC: TryHackMe-CVE-2022-26923
Walkthrough on the exploitation of CVE-2022-26923, a vulnerability in AD Certificate Services
PoC: PIGADVulnScanner
检测域内常见一把梭漏洞,包括:NoPac、ZeroLogon、CVE-2022-26923、PrintNightMare
PoC: CVE-2022-26923
Automated CVE-2022-26923 Exploitation (Certifried)
PoC: CVE-2022-26923
Exploitation de CVE-2022-26923
PoC: CVE-2022-26923-rayng
Exploitation for CVE-2022-26923
PoC: CVE-2022-26923
A proof of concept exploiting CVE-2022-26923.
PoC: CVE-2022-26923-Powershell-POC
A powershell poc to load and automatically run Certify and Rubeus from memory.
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free