Skip to content

Updated version for the tool UltraRealy with support of the CVE-2019-1040 exploit

Notifications You must be signed in to change notification settings

lazaars/UltraRealy_with_CVE-2019-1040

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

UltraRelay Updated by Lazaar Sami for the exploit CVE-2019-1040

UltraRelay is a tool for LLMNR poisoning and relaying NTLM credentials. It is based on Responder and impack.

I have updated the original version (https://github.com/5alt/ultrarelay) for the exploit CVE-2019-1040. Dirk-jan Mollema has updated ntlmrelayx (part of https://github.com/CoreSecurity/impacket) to have a --remove-mic flag, which exploits CVE-2019-1040 based on the technical description by the Preempt researchers (https://blog.preempt.com/drop-the-mic) see https://dirkjanm.io/exploiting-CVE-2019-1040-relay-vulnerabilities-for-rce-and-domain-admin/ Especially, this tool can be used to relay credentials from JAVA http request to local SMB server and achieve RCE.

Dependency

Ussage

from the original version https://github.com/5alt/ultrarelay Thunks to Jianing Wang and Junyu Zhou python ultrarelay.py -ip 192.168.1.100

Value of the ip argument is attacker's ip address.

For the exploit CVE-2019-1040 i have added the flags --remove-mic ( Remove MIC to bypass the latest NTLM mitigation, see https://blog.preempt.com/drop-the-mic) and the flag -remove-target to remove the target in the challenge message (in case CVE-2019-1019 patch is not installed), inspired from the new version of ntlmrelayx updated by Dirk-jan Mollema (https://github.com/CoreSecurity/impacket) Ex: python ultrarelay.py -ip 192.168.1.3 --remove-mic --escalate-user ntu -t ldap://s2016dc.testsegment.local -smb2support

Demo video

https://www.youtube.com/watch?v=VyoyA2GgKck

Contact

Lazaar sami, lazaars@gmail.com"# UltraRealy_with_CVE-2019-1040"

About

Updated version for the tool UltraRealy with support of the CVE-2019-1040 exploit

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages