SCCM Relay Exploit Workflow
- Use the auxiliary/admin/dcerpc/samr_account module to create a new computer account for testing the relay
- Use the auxiliary/gather/ldap_query to enumerate SCCM target information
- Use the new auxiliary/server/relay/relay_get_naa_credentials module to attack SCCM
- For demonstration or testing purposes, use net use to trigger an authentication attempt to Metasploit
SMB to LDAP Relaying Workflow followed by ESC15 exploitation