[enhancement] Add MS-EVEN methods (CheeseOunce) #14
Comments
|
It's in the plans ;) |
p0dalirius
added
enhancement
p0dalirius
changed the title
|
Added in a8fd037
|
|
Hello, the author of the CheeseOunce recently noted on the repo: The MS-EVEN runing under the NT AUTHORITY\LOCAL SERVICE account, and this account can't provide valid credentials during network authentication so, in the NTLMRelay attacking, it can't work. Is he/she right? Or maybe partially, as it does seem to sometimes provide authentication if I believe your screenshot? If the person is right, is this still a protocol that is interesting to test for coercions? If not, shouldn't it be described in the windows-coerced-authentication-methods repo? Or maybe it is just a lack of time to do so, which I can understand! |
|
Hi, He is absolutely right and that checks out with my tests It is a lack of time, but It should be added yes :) Best regards, |
|
Oops, I didn't see that the repo had a "possible-working-calls" folder, I was only looking in the "methods" folder. Great! So, maybe that Coercer shouldn't test for MS-EVEN? To prevent users of the tool from thinking that this could lead to an authentication received, where in fact it does not provide authentication, and is therefore useless if I'm not mistaken. |
https://github.com/evilashz/CheeseOunce
The text was updated successfully, but these errors were encountered: