CVE-2024-20674

This is my take at an exploit of the public CVE CVE-2024-20674 to achieve Kerberos mutual authentication bypass using a logic bug in the client-side handling of Kerberos U2U TGT-REP. This can be used for instance to serve arbitrary GPOs when spoofing the DC to a client, and take control of a machine.

Pre-requisites: Network Man In the Middle, unauthenticated.

Explanation of the exploit in this paper

https://www.sstic.org/2025/presentation/l_outillage_reseau_windows_une_affaire_d_implementation/

Demo

demo_video.mp4

Warning

The demo/ folder contains GPOs that will probably destroy the client configuration (add guest user to Administrators, disable UAC, disable firewall)

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
demo/domain.local/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}		demo/domain.local/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
README.md		README.md
demo_video.mp4		demo_video.mp4
exploit.py		exploit.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

CVE-2024-20674

Explanation of the exploit in this paper

Demo

Warning

About

Uh oh!

Releases

Packages

Languages

gpotter2/CVE-2024-20674

Folders and files

Latest commit

History

Repository files navigation

CVE-2024-20674

Explanation of the exploit in this paper

Demo

Warning

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages