Swissky 2022-07-27 17:23:30 +02:00
parent 83c4658ff8
commit e386a110d9
2 changed files with 17 additions and 0 deletions

View File

@ -458,6 +458,14 @@ Replace the customqueries.json file located at `/home/username/.config/bloodhoun
Get-AppLockerPolicy -Effective | select -ExpandProperty RuleCollections
```
### Other Interesting Commands
- **Find Domain Controller**
```ps1
nslookup domain.com
nslookup -type=srv _ldap._tcp.dc._msdcs.<domain>.com
```
## Most common paths to AD compromise
### MS14-068 (Microsoft Kerberos Checksum Validation Vulnerability)
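Review bot: the two placeholders in the new "Find Domain Controller" snippet are inconsistent: the first line uses `domain.com` while the SRV lookup uses `<domain>.com`, so a reader copying both will end up querying two different names. Pick one convention for the whole block, e.g. `nslookup -type=srv _ldap._tcp.dc._msdcs.domain.com`. The fence is also tagged `ps1` although `nslookup` is the same on Windows and Unix shells, so a neutral tag such as `powershell` (matching the surrounding AppLocker block) or plain `bash` would be less misleading; and a one-line note that the `_ldap._tcp.dc._msdcs` SRV record lists every DC rather than just one would make the purpose of the second query clear.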

View File

@ -95,6 +95,15 @@ Valid pictures hosting PHP code. Upload the picture and use a local file inclusi
- Picture Metadata, hide the payload inside a comment tag in the metadata.
- Picture Resize, hide the payload within the compression algorithm in order to bypass a resize. Also defeating `getimagesize()` and `imagecreatefromgif()`.
### Picture with custom metadata
Create a custom picture and insert exif tag with `exiftool`. A list of multiple exif tags can be found at [exiv2.org](https://exiv2.org/tags.html)
```ps1
convert -size 110x110 xc:white payload.jpg
exiftool -Copyright="PayloadsAllTheThings" -Artist="Pentest" -ImageUniqueID="Example" payload.jpg
```
### Configuration Files
If you are trying to upload files to a :
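Review bot: the new "Picture with custom metadata" block is fenced as `ps1`, but `convert` (ImageMagick) and `exiftool` are invoked here with POSIX-style syntax, so the fence should be `bash` (or `shell`) to match how the rest of this file tags shell commands. Two small documentation points in the same hunk: the sentence "A list of multiple exif tags can be found at [exiv2.org](...)" is missing its final period, and since the section is about where a payload can be hidden, it would help to state that the `-Copyright`/`-Artist`/`-ImageUniqueID` values shown are placeholder strings and that `exiftool -a -G1 payload.jpg` can be used to confirm the tags were written, so readers can verify the resulting file before relying on it in a test.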