Pulling SYSTEM out of Windows GINA 🪟
Flashback Team

 Published On Jun 22, 2023

Learn tricks and techniques like these, with us, in our amazing training courses!
https://flashback.sh/training

This short video demonstrates the exploitation of a vulnerability we found during a penetration test of a major financial institution in 2022.
The vulnerability is in the ManageEngine ADSelfService Plus GINA agent, which allows Active Directory domain users to reset passwords in the Windows login screen.
Using the tricks shown in the video, we're able to get a pre-authentication SYSTEM shell!

Why would this be useful if an attacker already has physical access to a computer? There are many possible scenarios, but here are two:
1. A malicious employee who only has user-level (non-administrator) access to the computer can use this to escalate their privileges to SYSTEM, and from there on attack the rest of the corporate network.
2. A thief or hacker who is able to obtain a booted but logged-out computer can now use this to get full access to it.

This vulnerability is tracked as CVE-2023-35719 / ZDI-23-891 and was disclosed by the Zero Day Initiative on 2023-06-21 as a zero day, which is confirmed to affect all ADSelfService Plus versions from at least v4.2.9 up to and including the latest 6.3.
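As an added example (this is not code from the video, the advisory or ManageEngine), here is a PowerShell inventory script a defender can run on a workstation to see which credential providers are registered for the Windows login screen and whether ADSelfService Plus is installed, with its version, so it can be compared against the affected range above. It assumes the GINA agent registers as a Windows credential provider whose registered name or DLL path contains "ADSelfService", and that the product has a standard entry under the Uninstall keys; neither detail is stated on this page, so adjust the match pattern if your install differs.

```powershell
# Added example, not Flashback Team's code. Run as an administrator.
# Assumption: the ADSelfService Plus GINA agent is a Windows credential
# provider whose name or DLL path contains "ADSelfService".

# Every credential provider is registered as a CLSID subkey here; the key's
# default value is the provider's display name.
$cpRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers'

$providers = foreach ($key in Get-ChildItem -Path $cpRoot -ErrorAction Stop) {
    $clsid = $key.PSChildName
    $name  = (Get-ItemProperty -Path $key.PSPath).'(default)'

    # The DLL that LogonUI loads for this provider (runs pre-authentication).
    $dll = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" `
                -ErrorAction SilentlyContinue).'(default)'

    # Who signed that DLL; anything not Microsoft-signed is third-party
    # login-screen code and therefore pre-auth attack surface.
    $signer = $null
    if ($dll -and (Test-Path -LiteralPath $dll)) {
        $signer = (Get-AuthenticodeSignature -FilePath $dll).SignerCertificate.Subject
    }

    [pscustomobject]@{ CLSID = $clsid; Name = $name; Dll = $dll; Signer = $signer }
}

Write-Host '== Registered credential providers =='
$providers | Sort-Object Name | Format-Table -AutoSize

$thirdParty = $providers | Where-Object { $_.Signer -notlike '*Microsoft*' }
if ($thirdParty) {
    Write-Host '== Providers not signed by Microsoft =='
    $thirdParty | Format-Table -AutoSize
}

# Assumption: the agent's registered name or DLL path contains "ADSelfService".
$adss = $providers | Where-Object { $_.Name -like '*ADSelfService*' -or $_.Dll -like '*ADSelfService*' }
if ($adss) {
    Write-Warning 'ADSelfService Plus credential provider is registered on this host:'
    $adss | Format-List
}

# Installed-product entries (32- and 64-bit views) so the version can be
# compared against the affected range quoted in the advisory.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)
$installs = Get-ChildItem -Path $uninstallRoots -ErrorAction SilentlyContinue |
    ForEach-Object { Get-ItemProperty -Path $_.PSPath } |
    Where-Object { $_.DisplayName -like '*ADSelfService*' } |
    Select-Object DisplayName, DisplayVersion, InstallLocation

if ($installs) {
    Write-Host '== ADSelfService Plus install entries =='
    $installs | Format-Table -AutoSize
} else {
    Write-Host 'No ADSelfService Plus entry found under the Uninstall keys.'
}
```

Two caveats when reading the output: the signer check only tells you the DLL is not Microsoft's, not that it is vulnerable, and the DisplayVersion string is whatever the installer wrote, so compare it by hand against the affected range stated above rather than trusting a numeric sort.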

For more information check the advisory:
https://github.com/pedrib/PoC/blob/ma...

Did you enjoy this video? Then follow us on Twitter, and subscribe to our channel for more awesome hacking videos.

~ Flashback Team
https://flashback.sh
Twitter: @flashbackpwn

Background track: "Hackers" by Karl Casey @WhiteBatAudio
