Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-12 22:33:00 +00:00
Code Issues Projects Releases Packages Wiki Activity

Update Active Directory Attack.md

Browse source 
Correcting typo
Removing dead website
Adjusting techniques
This commit is contained in:
clem9669 2022-01-18 22:52:58 +01:00 committed by GitHub
parent c89976d1b0
commit 76ec08cfb4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
Methodology and Resources/Active Directory Attack.md
View file

@ -1254,14 +1254,15 @@ Useful when you want to have the clear text password or when you need to make st
Recommended wordlists: Recommended wordlists:
- rockyou (available in Kali Linux) - rockyou (available in Kali Linux)
- Have I Been Powned (https://hashes.org/download.php?hashlistId=7290&type=hfound) - Have I Been Pwned founds (https://hashmob.net/hashlists/info/4169-Have%20I%20been%20Pwned%20V8%20(NTLM))
- Collection #1 (passwords from Data Breaches, might be illegal to possess) - Weakpass.com
- Read More at [Methodology and Resources/Hash Cracking.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Hash%20Cracking.md)
```powershell ```powershell
# Basic wordlist # Basic wordlist
# (-O) will Optimize for 32 characters or less passwords # (-O) will Optimize for 32 characters or less passwords
# (-w 4) will set the workload to "Insane" # (-w 4) will set the workload to "Insane"
$ hashcat64.exe -m 1000 -w 4 -O -a 0 -o pathtopotfile pathtohashes pathtodico -r ./rules/best64.rule --opencl-device-types 1,2 $ hashcat64.exe -m 1000 -w 4 -O -a 0 -o pathtopotfile pathtohashes pathtodico -r myrules.rule --opencl-device-types 1,2
# Generate a custom mask based on a wordlist # Generate a custom mask based on a wordlist
$ git clone https://github.com/iphelix/pack/blob/master/README $ git clone https://github.com/iphelix/pack/blob/master/README
@ -1270,7 +1271,9 @@ $ python2 maskgen.py hashcat.mask --targettime 3600 --optindex -q -o hashcat_1H.
``` ```
:warning: If the password is not a confidential data (challenges/ctf), you can use online "cracker" like : :warning: If the password is not a confidential data (challenges/ctf), you can use online "cracker" like :
- [hashes.org](https://hashes.org/check.php) - ~~[hashes.org](https://hashes.org/check.php)~~
- [hashmob.net](https://hashmob.net)
- [crackstation.net](https://crackstation.net)
- [hashes.com](https://hashes.com/en/decrypt/hash) - [hashes.com](https://hashes.com/en/decrypt/hash)
### Password spraying ### Password spraying
@ -3464,4 +3467,4 @@ CME 10.XXX.XXX.XXX:445 HOSTNAME-01 [+] DOMAIN\COMPUTER$ 31d6cfe0d16ae
* [sAMAccountName spoofing - The Hacker Recipes](https://www.thehacker.recipes/ad/movement/kerberos/samaccountname-spoofing) * [sAMAccountName spoofing - The Hacker Recipes](https://www.thehacker.recipes/ad/movement/kerberos/samaccountname-spoofing)
* [CVE-2021-42287/CVE-2021-42278 Weaponisation - @exploitph](https://exploit.ph/cve-2021-42287-cve-2021-42278-weaponisation.html) * [CVE-2021-42287/CVE-2021-42278 Weaponisation - @exploitph](https://exploit.ph/cve-2021-42287-cve-2021-42278-weaponisation.html)
* [ADCS: Playing with ESC4 - Matthew Creel](https://www.fortalicesolutions.com/posts/adcs-playing-with-esc4) * [ADCS: Playing with ESC4 - Matthew Creel](https://www.fortalicesolutions.com/posts/adcs-playing-with-esc4)
* [The Kerberos Key List Attack: The return of the Read Only Domain Controllers - Leandro Cuozzo](https://www.secureauth.com/blog/the-kerberos-key-list-attack-the-return-of-the-read-only-domain-controllers/) * [The Kerberos Key List Attack: The return of the Read Only Domain Controllers - Leandro Cuozzo](https://www.secureauth.com/blog/the-kerberos-key-list-attack-the-return-of-the-read-only-domain-controllers/)