Update README.md

Joe Totes
2022-09-05 10:54:14 -04:00
committed by GitHub
parent 2a47311fe4
commit 41549b37a3


@@ -418,6 +418,9 @@ snmpwalk -c public -v1 {IP ADDRESS} 1.3.6.1.2.1.25.6.3.1.2
```bash ```bash
# Enumforlinux
enum4linux -U {IP ADDRESS}
# ldap search # ldap search
ldapsearch -H ldap://{IP ADDRESS} -x -s base ldapsearch -H ldap://{IP ADDRESS} -x -s base
@@ -426,10 +429,10 @@ ldapsearch -H ldap://{IP ADDRESS} -x -b "{DC NAMING CONTEXT}"
# ldap DC people dump # ldap DC people dump
ldapsearch -H ldap://{IP ADDRESS} -x -b "{DC NAMING CONTEXT}" '(objectClass=Person)' ldapsearch -H ldap://{IP ADDRESS} -x -b "{DC NAMING CONTEXT}" '(objectClass=Person)'
ldapsearch -H ldap://{IP ADDRESS} -x -b "{DC NAMING CONTEXT}" '(objectClass=user)' ldapsearch -H ldap://{IP ADDRESS} -x -b "{DC NAMING CONTEXT}" '(objectClass=User)'
# ldap account name list # ldap account name list
ldapsearch -H ldap://{IP ADDRESS} -x -b "{DC NAMING CONTEXT}" '(objectClass=user)' sAMAccountName |grep sAMAccountName ldapsearch -H ldap://{IP ADDRESS} -x -b "{DC NAMING CONTEXT}" '(objectClass=User)' sAMAccountName |grep sAMAccountName
``` ```
## SMB [445] ## SMB [445]
@@ -446,18 +449,21 @@ smbclient -L {IP ADDRESS}
# Authenticate with local credentials # Authenticate with local credentials
smbclient -N \\\\{IP ADDRESS}\\{SHARE} smbclient -N \\\\{IP ADDRESS}\\{SHARE}
# Recursively show sub directories of share
smbclient \\\\{IP ADDRESS}\\{SHARE} -c 'recurse;ls'
# Authenticate with Administrator # Authenticate with Administrator
smbclient -N \\\\{IP ADDRESS}\\{SHARE} -U Administrator smbclient -N \\\\{IP ADDRESS}\\{SHARE} -U Administrator
# Recursively show sub directories of share
smbclient \\\\{IP ADDRESS}\\{SHARE} -c 'recurse;ls'
# Recursively show all readable files and shares # Recursively show all readable files and shares
smbmap -H {IP ADDRESS} -u anonymous -R smbmap -H {IP ADDRESS} -u anonymous -R
# Brute force SMB user and password list # Brute force SMB user and password list
crackmapexec smb {IP ADDRESS} -u {USER.txt} -p {PASSWORDS.txt} --shares --continue-on-success crackmapexec smb {IP ADDRESS} -u {USER.txt} -p {PASSWORDS.txt} --shares --continue-on-success
# Null authentication attempt
crackmapexec smb {IP ADDRESS} --pass-pol
# Mount SMB Drive # Mount SMB Drive
sudo mount -t cifs //{IP ADDRESS}/{SHARE} /mnt/{SHARE}/ sudo mount -t cifs //{IP ADDRESS}/{SHARE} /mnt/{SHARE}/
sudo mount -t cifs -o 'username={USERNAME},password={PASSWORD}' //{IP ADDRESS}/{SHARE} /mnt/{SHARE}/ sudo mount -t cifs -o 'username={USERNAME},password={PASSWORD}' //{IP ADDRESS}/{SHARE} /mnt/{SHARE}/