Teacher
Professional
- Messages
- 2,669
- Reaction score
- 819
- Points
- 113
Criminals are thinking about how else to increase privileges on Windows systems.
Experts have discovered a sophisticated method of privilege escalation in Windows domain environments. This unique hacking technique, called DHCP Coerce, allows hackers to use legitimate rights to gain full control over corporate networks.
The DHCP protocol automatically assigns IP addresses to simplify network connection management. However, the function also opens up opportunities for malicious actions. Attackers can abuse the authority of DHCP administrators, make changes to protocol settings, and run malicious scripts.
After obtaining elevated rights, attackers can completely take over the domain, manipulating any data at their discretion. An alarming fact is that this vulnerability can be exploited remotely, without physical access to the computer.
The Coerce DHCP hacking technique is based on manipulating the DHCP options that allow you to change important settings. For example, the Proxy autodiscovery option can be used to compromise client credentials by configuring a web proxy.
The key point of the attack is to modify the DNS Server option and redirect DHCP DNS Dynamic Updates to an address that is controlled by the attacker. This forces the DHCP server to authenticate via Kerberos, which can then be intercepted by an attacker.
If a DHCP server compromised in this way is installed on a domain controller (which is a common scenario for 57% of the networks studied), a direct path opens up to complete compromise of the entire domain.
To protect against the vulnerability, the researchers recommend several countermeasures. First, you need to carefully check any risky DHCP settings on your corporate network. Second, you should use special tools to block relay attacks on Active Directory services .
It is also important to limit the number of people in the group of DHCP administrators, giving them minimal privileges. Segmenting the network into isolated parts will increase overall security. And regular monitoring of DNS performance will allow you to detect anomalies in a timely manner.
Experts have discovered a sophisticated method of privilege escalation in Windows domain environments. This unique hacking technique, called DHCP Coerce, allows hackers to use legitimate rights to gain full control over corporate networks.
The DHCP protocol automatically assigns IP addresses to simplify network connection management. However, the function also opens up opportunities for malicious actions. Attackers can abuse the authority of DHCP administrators, make changes to protocol settings, and run malicious scripts.
After obtaining elevated rights, attackers can completely take over the domain, manipulating any data at their discretion. An alarming fact is that this vulnerability can be exploited remotely, without physical access to the computer.
The Coerce DHCP hacking technique is based on manipulating the DHCP options that allow you to change important settings. For example, the Proxy autodiscovery option can be used to compromise client credentials by configuring a web proxy.
The key point of the attack is to modify the DNS Server option and redirect DHCP DNS Dynamic Updates to an address that is controlled by the attacker. This forces the DHCP server to authenticate via Kerberos, which can then be intercepted by an attacker.
If a DHCP server compromised in this way is installed on a domain controller (which is a common scenario for 57% of the networks studied), a direct path opens up to complete compromise of the entire domain.
To protect against the vulnerability, the researchers recommend several countermeasures. First, you need to carefully check any risky DHCP settings on your corporate network. Second, you should use special tools to block relay attacks on Active Directory services .
It is also important to limit the number of people in the group of DHCP administrators, giving them minimal privileges. Segmenting the network into isolated parts will increase overall security. And regular monitoring of DNS performance will allow you to detect anomalies in a timely manner.
