Explain Badlock and its use.
A while back there was an announcement for the disclosure of a security vulnerability named "Badlock" - including this fancy name and a logo.
How can an attacker gain administrator access by exploiting Badlock? Or, formulated slightly differently: how does Badlock work?
How could I mitigate it if there was no patch?
Badlock was massively overhyped and, it turns out, the name has nothing at all to do with the vulnerability (it has nothing to do with bad locking, mutexes, or anything of the sort). It requires a man-in-the-middle attack to carry out, and allows an attacker to execute arbitrary Samba network calls using the context of the intercepted user. The attacker will gain read and write access to the SAM database and will have access to password hashes, which they can use to elevate privileges.
The vulnerability is CVE-2016-2118. According to its description page:
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."
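An added detection example, not code from the question, the answer, or the Samba project: it reads the auth verifier trailer of a DCERPC bind/alter_context PDU and flags a negotiated authentication level below PKT_INTEGRITY, the kind of downgrade the CVE text describes for an attacker who can modify the client-server stream. The policy floor, the sample PDUs (built in-line, not captured) and the assumption that the downgraded field is the bind's auth_level are mine.

```python
import struct

# DCERPC connection-oriented PDU types and auth levels (DCE 1.1 RPC / MS-RPCE)
PTYPE_BIND, PTYPE_BIND_ACK, PTYPE_ALTER_CONTEXT = 11, 12, 14
AUTH_LEVEL_NAMES = {1: "NONE", 2: "CONNECT", 3: "CALL", 4: "PKT",
                    5: "PKT_INTEGRITY", 6: "PKT_PRIVACY"}
PKT_INTEGRITY = 5          # first level that signs every PDU; below it the stream is unprotected
COMMON_HDR = "<BBBB4sHHI"  # vers, vers_minor, ptype, pfc_flags, drep, frag_len, auth_len, call_id

def build_bind(auth_type=None, auth_level=None, auth_value=b"\x00" * 8) -> bytes:
    """Constructed sample (assumption, not a capture): a minimal bind PDU with an empty
    context list and, when auth_type is given, an auth verifier trailer."""
    body = struct.pack("<HHIB3x", 4280, 4280, 0, 0)  # max_xmit, max_recv, assoc_group, n_ctx=0
    if auth_type is None:
        trailer, auth_len = b"", 0
    else:
        trailer = struct.pack("<BBBBI", auth_type, auth_level, 0, 0, 1) + auth_value
        auth_len = len(auth_value)
    frag_len = 16 + len(body) + len(trailer)
    hdr = struct.pack(COMMON_HDR, 5, 0, PTYPE_BIND, 0x03,
                      b"\x10\x00\x00\x00", frag_len, auth_len, 1)
    return hdr + body + trailer

def parse_auth(pdu: bytes):
    """Return (ptype, auth_type, auth_level); auth fields are None without a trailer."""
    if len(pdu) < 16 or pdu[0] != 5:
        raise ValueError("not a DCERPC v5 PDU")
    _, _, ptype, _, _, frag_len, auth_len, _ = struct.unpack(COMMON_HDR, pdu[:16])
    if auth_len == 0:
        return ptype, None, None
    off = frag_len - auth_len - 8  # 8-byte auth verifier precedes auth_value
    if off < 16 or frag_len > len(pdu):
        raise ValueError("truncated PDU")
    return ptype, pdu[off], pdu[off + 1]

def is_downgraded(pdu: bytes, floor: int = PKT_INTEGRITY) -> bool:
    """True when a bind negotiation settles on an auth level below `floor`
    (or on no authentication at all), which is what an in-path attacker
    needs in order to tamper with the RPC stream undetected."""
    ptype, _, level = parse_auth(pdu)
    if ptype not in (PTYPE_BIND, PTYPE_BIND_ACK, PTYPE_ALTER_CONTEXT):
        return False
    return level is None or level < floor

if __name__ == "__main__":
    for pdu in (build_bind(10, 2), build_bind(10, 6), build_bind()):
        _, _, lvl = parse_auth(pdu)
        print(AUTH_LEVEL_NAMES.get(lvl, "none"), "downgraded:", is_downgraded(pdu))
```

A monitoring hook at the Samba host or a network sensor can apply the same floor to every bind it sees; the Samba-side equivalent is to refuse low auth levels in the server configuration once a fixed version is deployed.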