mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-04 18:40:41 +00:00
PR Guidelines + User Hunting + HopLa Configuration
This commit is contained in:
parent
b9e847decb
commit
fc8fadbb0c
4 changed files with 2565 additions and 2 deletions
2519
.github/hopla_config.json
vendored
Normal file
2519
.github/hopla_config.json
vendored
Normal file
File diff suppressed because it is too large
Load diff
|
@ -5,6 +5,19 @@ Feel free to improve with your payloads and techniques !
|
|||
|
||||
You can also contribute with a :beers: IRL, or using the sponsor button.
|
||||
|
||||
## Pull Requests Guidelines
|
||||
|
||||
In order to provide the safest payloads for the community, the following rules must be followed for **every** Pull Request.
|
||||
|
||||
- Payloads must be sanitized
|
||||
- Use `id`, and `whoami`, for RCE Proof of Concepts
|
||||
- Use `[REDACTED]` when the user has to replace a domain for a callback. E.g: XSSHunter, BurpCollaborator etc.
|
||||
- Use `10.10.10.10` and `10.10.10.11` when the payload require IP addresses
|
||||
- Use `Administrator` for privileged users and `User` for normal account
|
||||
- Use `P@ssw0rd`, `Password123`, `password` as default passwords for your examples
|
||||
- Prefer commonly used name for machines such as `DC01`, `EXCHANGE01`, `WORKSTATION01`, etc
|
||||
- References must have an `author`, a `title` and a `link`. The `date` is not mandatory but appreciated :)
|
||||
|
||||
## Techniques Folder
|
||||
|
||||
Every section should contains the following files, you can use the `_template_vuln` folder to create a new technique folder:
|
||||
|
@ -40,6 +53,10 @@ Use the following example to create a new technique `README.md` file.
|
|||
|
||||
Quick explanation
|
||||
|
||||
### Subentry 1
|
||||
|
||||
Something about the subentry 1
|
||||
|
||||
## References
|
||||
|
||||
- [Blog title - Author, Date](https://example.com)
|
||||
|
|
|
@ -40,6 +40,7 @@
|
|||
- [Using Mimikatz DCSync](#using-mimikatz-dcsync)
|
||||
- [Using Mimikatz sekurlsa](#using-mimikatz-sekurlsa)
|
||||
- [Crack NTLM hashes with hashcat](#crack-ntlm-hashes-with-hashcat)
|
||||
- [User Hunting](#user-hunting)
|
||||
- [Password spraying](#password-spraying)
|
||||
- [Kerberos pre-auth bruteforcing](#kerberos-pre-auth-bruteforcing)
|
||||
- [Spray a pre-generated passwords list](#spray-a-pre-generated-passwords-list)
|
||||
|
@ -401,7 +402,7 @@ Replace the customqueries.json file located at `/home/username/.config/bloodhoun
|
|||
#Find local admins on all machines of the domain:
|
||||
Invoke-EnumerateLocalAdmin -Verbose
|
||||
|
||||
#Find computers were a Domain Admin OR a spesified user has a session
|
||||
#Find computers were a Domain Admin OR a specified user has a session
|
||||
Invoke-UserHunter
|
||||
Invoke-UserHunter -GroupName "RDPUsers"
|
||||
Invoke-UserHunter -Stealth
|
||||
|
@ -1294,6 +1295,32 @@ $ python2 maskgen.py hashcat.mask --targettime 3600 --optindex -q -o hashcat_1H.
|
|||
- [crackstation.net](https://crackstation.net)
|
||||
- [hashes.com](https://hashes.com/en/decrypt/hash)
|
||||
|
||||
### User Hunting
|
||||
|
||||
Sometimes you need to find a machine where a specific user is logged in.
|
||||
You can remotely query every machines on the network to get a list of the users's sessions.
|
||||
|
||||
* CrackMapExec
|
||||
```ps1
|
||||
cme smb 10.10.10.0/24 -u Administrator -p 'P@ssw0rd' --sessions
|
||||
SMB 10.10.10.10 445 WIN-8OJFTLMU1IG [+] Enumerated sessions
|
||||
SMB 10.10.10.10 445 WIN-8OJFTLMU1IG \\10.10.10.10 User:Administrator
|
||||
```
|
||||
* Impacket Smbclient
|
||||
```ps1
|
||||
$ impacket-smbclient Administrator@10.10.10.10
|
||||
# who
|
||||
host: \\10.10.10.10, user: Administrator, active: 1, idle: 0
|
||||
```
|
||||
* PowerView Invoke-UserHunter
|
||||
```ps1
|
||||
# Find computers were a Domain Admin OR a specified user has a session
|
||||
Invoke-UserHunter
|
||||
Invoke-UserHunter -GroupName "RDPUsers"
|
||||
Invoke-UserHunter -Stealth
|
||||
```
|
||||
|
||||
|
||||
### Password spraying
|
||||
|
||||
Password spraying refers to the attack method that takes a large number of usernames and loops them with a single password.
|
||||
|
|
|
@ -50,7 +50,7 @@ You want more ? Check the [Books](https://github.com/swisskyrepo/PayloadsAllTheT
|
|||
|
||||
👨💻 Contributions
|
||||
-----
|
||||
|
||||
Be sure to read [CONTRIBUTING.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/CONTRIBUTING.md)
|
||||
|
||||
<p align="center">
|
||||
<a href="https://github.com/swisskyrepo/PayloadsAllTheThings/graphs/contributors">
|
||||
|
|
Loading…
Reference in a new issue