Hey friends! In today’s Tuesday TOOLSday I demonstrate an attack that I thought Windows 11 and higher was hardened against. On many a internal pentest you might find a Windows system with WebClient enabled - thus (potentially) opening the opportunity to coerce authentication out of that system with a relay attack, thus giving you excessive rights on that victim machine.
My understanding as of a few months ago, though, is that Windows 11 OS and greater were immune to that type of coercion. Turns out I was wrong - check out https://github.com/Hypnoze57/rpc2efs and today’s video to see Windows 11 coercion in action!
Thanks,
Brian
