subat0mik / Misconfiguration-Manager

Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.
https://misconfigurationmanager.com
GNU General Public License v3.0

TAKEOVER-3 requirements error? #28

Closed johnmccash closed 7 months ago

johnmccash commented 7 months ago

For TAKEOVER-3, TAKEOVER-8:

Domain controller settings:
- RestrictNTLMInDomain = 0 or not present, or is configured with any value and DCAllowedNTLMServers contains coercion target
- LmCompatibilityLevel < 5 or not present, or = 5 and LmCompatibilityLevel >= 3 on the coercion target

I'm assuming that should be "LmCompatibilityLevel <= 3 on the coercion target"?

johnmccash commented 7 months ago

Oops... It is actually greater than. If the domain controller requires NTLMv2 and explicitly refuses LM and NTLM (LmCompatibilityLevel = 5) and the coercion target only supports LM/NTLM (LmCompatibilityLevel <= 2), then the domain controller won't be able to receive the NTLM authentication request from the coercion target and the attack won't work.
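The domain controller conditions quoted in this thread, written as a hardening check. This is an added example, not part of the issue or the project's code. The function names, the dict layout and the sample values are assumptions, `DCAllowedNTLMServers` is matched by exact case-insensitive name only, and the target's effective LmCompatibilityLevel must be supplied by the caller.

```python
from typing import Iterable, Optional


def ntlm_allowed_by_domain(restrict_ntlm_in_domain: Optional[int],
                           dc_allowed_ntlm_servers: Iterable[str],
                           target: str) -> bool:
    """RestrictNTLMInDomain = 0 or not present, or any value with the
    target listed in DCAllowedNTLMServers (exact match: an assumption)."""
    if restrict_ntlm_in_domain in (None, 0):
        return True
    return target.lower() in {s.lower() for s in dc_allowed_ntlm_servers}


def lm_levels_compatible(dc_level: Optional[int], target_level: int) -> bool:
    """DC LmCompatibilityLevel < 5 or not present, or = 5 with the target
    at >= 3. A target at <= 2 only supports LM/NTLM, which a level-5
    domain controller refuses."""
    if dc_level is None or dc_level < 5:
        return True
    return target_level >= 3


def dc_requirements_met(dc: dict, target_name: str, target_level: int) -> bool:
    """True when both domain controller conditions hold, i.e. the
    hardening on the DC does not remove this prerequisite."""
    return (ntlm_allowed_by_domain(dc.get("RestrictNTLMInDomain"),
                                   dc.get("DCAllowedNTLMServers") or [],
                                   target_name)
            and lm_levels_compatible(dc.get("LmCompatibilityLevel"),
                                     target_level))


if __name__ == "__main__":
    # Constructed sample values (None = registry value not present).
    target = "site01.corp.example"
    cases = [
        ({"LmCompatibilityLevel": 5}, 2),   # the case discussed in the thread
        ({"LmCompatibilityLevel": 5}, 3),
        ({"LmCompatibilityLevel": None}, 2),
        ({"RestrictNTLMInDomain": 7, "LmCompatibilityLevel": 5}, 5),
        ({"RestrictNTLMInDomain": 7, "DCAllowedNTLMServers": [target],
          "LmCompatibilityLevel": 5}, 5),
    ]
    for dc, target_level in cases:
        met = dc_requirements_met(dc, target, target_level)
        print(f"DC={dc} target_level={target_level} -> requirements met: {met}")
```
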