Skeleton Key on "MSV" SSP
MarcoZufferli opened this issue · 1 comments
Hello!
i'm studying the Skeleton Key Attack, in the original paper (https://www.virusbulletin.com/uploads/pdf/magazine/2016/vb201601-skeleton-key.pdf) they described that this attack is able to modify both SSP "MSV" (NTLM Authentication) & "kerberos.dll" (Kerberos Authentication) installing a backdoor inside these protocols.
But in my test with "misc::skeleton" it appears that Mimikatz modifies only the SSP "Kerberos.dll", i tried with:
net use (wireshark says it use Kerberos) and it works
psexec of sysinternal (wireshark says it use Kerberos) and it works
Enter-PSSession (wireshark says it use Kerberos) and it works
Can you please tell me if I'm wrong?
On my Kali using "psexec" of Impacket (or also crackmapexec) (wireshark says it use NTLM) and it NOT works as you can see in the screenshot.
crackmapexec
uses NTLM authentication by default.
To force Kerberos authentication, add -k
or --kerberos
to your crackmapexec
command.