Exploit for Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2022-26923)

Description:

The vulnerability allowed a low-privileged user to escalate privileges to domain administrator in a default Active Directory environment with the Active Directory Certificate Services (AD CS) server role installed.

Proof of Concept

PoC exploit

Try the exploit in a lab environment:

Lab           Machine  Link
Hack The Box  Coder    Go to Practice

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-26923
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2022-26923
https://www.hackthebox.com/blog/cve-2022-26923-certifried-explained