2024-05-25 21:48:12 +02:00

### [CVE-2020-17049](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17049)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20%20Service%20Pack%202&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201%20(Server%20Core%20installation)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202%20(Server%20Core%20installation)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20(Server%20Core%20installation)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%20version%202004&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%20version%2020H2&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%2C%20version%201903%20(Server%20Core%20installation)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%2C%20version%201909%20(Server%20Core%20installation)&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.4530%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.2061%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19041.1110%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%20publication%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.21167%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.25661%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.25661%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.23409%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.20069%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Security%20Feature%20Bypass&color=brighgreen)
### Description
<p>A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD).</p><p>To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation to force the KDC to accept it.</p><p>The update addresses this vulnerability by changing how the KDC validates service tickets used with KCD.</p>
### POC
#### Reference
No PoCs from references.
#### GitHub
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CompassSecurity/security_resources
- https://github.com/ErdemOzgen/ActiveDirectoryAttacks
- https://github.com/GhostPack/Rubeus
- https://github.com/KFriitz/MyRuby
- https://github.com/LPZsec/RedTeam-Articles
- https://github.com/Live-Hack-CVE/CVE-2020-17049
- https://github.com/OsandaMalith/Rubeus
- https://github.com/Pascal-0x90/Rubeus
- https://github.com/RkDx/MyRuby
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Strokekilla/Rubeus
- https://github.com/Whiteh4tWolf/Attack-Defense
- https://github.com/XTeam-Wing/Hunting-Active-Directory
- https://github.com/ZyberPatrol/Active-Directory
- https://github.com/alphaSeclab/sec-daily-2020
- https://github.com/aymankhder/AD-attack-defense
- https://github.com/aymankhder/security_resources
- https://github.com/bhataasim1/AD-Attack-Defence
- https://github.com/hackeremmen/Active-Directory-Kill-Chain-Attack-Defense-
- https://github.com/iamramahibrah/AD-Attacks-and-Defend
- https://github.com/infosecn1nja/AD-Attack-Defense
- https://github.com/kas0n/RedTeam-Articles
- https://github.com/mandradets/Maritest2
- https://github.com/merlinepedra/RUBEUS
- https://github.com/merlinepedra/RUBEUS-1
- https://github.com/merlinepedra25/RUBEUS
- https://github.com/merlinepedra25/RUBEUS-1
- https://github.com/mishmashclone/infosecn1nja-AD-Attack-Defense
- https://github.com/nadeemali79/AD-Attack-Defense
- https://github.com/orgTestCodacy11KRepos110MB/repo-3423-Pentest_Note
- https://github.com/paramint/AD-Attack-Defense
- https://github.com/pwnlog/PAD
- https://github.com/pwnlog/PuroAD
- https://github.com/pwnlog/PurpAD
- https://github.com/qobil7681/Password-cracker
- https://github.com/retr0-13/AD-Attack-Defense
- https://github.com/select-ldl/word_select
- https://github.com/suzi007/RedTeam_Note
- https://github.com/svbjdbk123/ReadTeam
- https://github.com/syedrizvinet/lib-repos-Rubeus
- https://github.com/trhacknon/Rubeus
- https://github.com/willemhenrickx/Rubeus-private
- https://github.com/xiaoy-sec/Pentest_Note
- https://github.com/yovelo98/OSCP-Cheatsheet