Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sekeleton Key Scan in upgraded environments #2

Open
bluecurby opened this issue Jan 6, 2019 · 1 comment
Open

Sekeleton Key Scan in upgraded environments #2

bluecurby opened this issue Jan 6, 2019 · 1 comment

Comments

@bluecurby
Copy link

Hi,
at first awesome tool.
I encountered an issue with the skeleton key scan. In an upgraded domain (e.g. from 2003 to 2008) it can happen that systems didn't logged in since the upgrade, hence they don't support Encryption-Type 0x12 (AES-256). As your scan picks an arbitrary system it can lead to false-positives.
A solution could be to check if the system has a lastlogontimestamp < 14 days.

Cheers
@Hechtov
Copy link
Collaborator

Hechtov commented Jan 28, 2019

Thank you @bluecurby for the good feedback and the reported issue.
zBang focuses on scanning modern network with domain level 2008/2012/2016+.
Your scenario is indeed interesting, and it bypasses an existing filter that we have implemented in the code on searching only updated domain levels.
We assume this scenario is specific and not so popular, nevertheless we are planning to address this issue in a future zBang version.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Hechtov @bluecurby