mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-13 14:52:53 +00:00
Find DC
This commit is contained in:
parent
83c4658ff8
commit
e386a110d9
2 changed files with 17 additions and 0 deletions
|
@ -458,6 +458,14 @@ Replace the customqueries.json file located at `/home/username/.config/bloodhoun
|
|||
Get-AppLockerPolicy -Effective | select -ExpandProperty RuleCollections
|
||||
```
|
||||
|
||||
### Other Interesting Commands
|
||||
|
||||
- **Find Domain Controller**
|
||||
```ps1
|
||||
nslookup domain.com
|
||||
nslookup -type=srv _ldap._tcp.dc._msdcs.<domain>.com
|
||||
```
|
||||
|
||||
## Most common paths to AD compromise
|
||||
|
||||
### MS14-068 (Microsoft Kerberos Checksum Validation Vulnerability)
|
||||
|
|
|
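Review bot: the two added `nslookup` lines use different placeholder styles for the same value, `domain.com` in the first and `<domain>.com` in the second, and the second hard-codes a `.com` suffix that will not fit domains under other TLDs or internal names. Suggest one placeholder in both, for example `nslookup -type=srv _ldap._tcp.dc._msdcs.<domain>`. A few words under the bullet saying that the first query resolves the domain name and the second lists the LDAP SRV records registered by domain controllers would make the entry self-explanatory. If the fence is not indented in the file, it will render outside the `- **Find Domain Controller**` list item; indent it or drop the bullet marker.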
@ -95,6 +95,15 @@ Valid pictures hosting PHP code. Upload the picture and use a local file inclusi
|
|||
- Picture Metadata, hide the payload inside a comment tag in the metadata.
|
||||
- Picture Resize, hide the payload within the compression algorithm in order to bypass a resize. Also defeating `getimagesize()` and `imagecreatefromgif()`.
|
||||
|
||||
### Picture with custom metadata
|
||||
|
||||
Create a custom picture and insert exif tag with `exiftool`. A list of multiple exif tags can be found at [exiv2.org](https://exiv2.org/tags.html)
|
||||
|
||||
```ps1
|
||||
convert -size 110x110 xc:white payload.jpg
|
||||
exiftool -Copyright="PayloadsAllTheThings" -Artist="Pentest" -ImageUniqueID="Example" payload.jpg
|
||||
```
|
||||
|
||||
### Configuration Files
|
||||
|
||||
If you are trying to upload files to a :
|
||||
|
|
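Review bot: the fence around the two added commands is tagged `ps1`, but `convert` and `exiftool` are external tools rather than PowerShell, and on Windows a bare `convert` resolves to the system volume-conversion utility, not ImageMagick. Suggest tagging the block `bash` and stating in the sentence above it that ImageMagick is needed alongside `exiftool`. That sentence is also missing its closing period after the exiv2.org link, and "exif" should be written "EXIF".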