mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-11-14 00:47:20 +00:00
PR Guidelines + User Hunting + HopLa Configuration
This commit is contained in:
parent
b9e847decb
commit
fc8fadbb0c
4 changed files with 2565 additions and 2 deletions
2519
.github/hopla_config.json
vendored
Normal file
File diff suppressed because it is too large
@ -5,6 +5,19 @@ Feel free to improve with your payloads and techniques !
You can also contribute with a :beers: IRL, or using the sponsor button.
You can also contribute with a :beers: IRL, or using the sponsor button.
## Pull Requests Guidelines
In order to provide the safest payloads for the community, the following rules must be followed for **every** Pull Request.
- Payloads must be sanitized
- Use `id`, and `whoami`, for RCE Proof of Concepts
- Use `[REDACTED]` when the user has to replace a domain for a callback. E.g: XSSHunter, BurpCollaborator etc.
- Use `10.10.10.10` and `10.10.10.11` when the payload require IP addresses
- Use `Administrator` for privileged users and `User` for normal account
- Use `P@ssw0rd`, `Password123`, `password` as default passwords for your examples
- Prefer commonly used name for machines such as `DC01`, `EXCHANGE01`, `WORKSTATION01`, etc
- References must have an `author`, a `title` and a `link`. The `date` is not mandatory but appreciated :)
## Techniques Folder
## Techniques Folder
Every section should contains the following files, you can use the `_template_vuln` folder to create a new technique folder:
Every section should contains the following files, you can use the `_template_vuln` folder to create a new technique folder:
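Review bot: the new guideline "Payloads must be sanitized" (first bullet of the list) never says what sanitized means; since the bullets that follow are concrete substitutions (`id`/`whoami`, `[REDACTED]`, `10.10.10.10`, `Administrator`/`User`), either state it as "no real hostnames, IP addresses, credentials or callback domains" or drop the bullet in favour of those specific rules. Grammar in the same list: "when the payload require IP addresses" should read "requires", "`User` for normal account" should be "accounts", and "Prefer commonly used name for machines" should be "names". The unchanged context line "Every section should contains the following files" could also be fixed to "should contain" while this file is being touched.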
@ -40,6 +53,10 @@ Use the following example to create a new technique `README.md` file.
Quick explanation
Quick explanation
### Subentry 1
Something about the subentry 1
## References
## References
- [Blog title - Author, Date](https://example.com)
- [Blog title - Author, Date](https://example.com)
@ -40,6 +40,7 @@
- [Using Mimikatz DCSync](#using-mimikatz-dcsync)
- [Using Mimikatz DCSync](#using-mimikatz-dcsync)
- [Using Mimikatz sekurlsa](#using-mimikatz-sekurlsa)
- [Using Mimikatz sekurlsa](#using-mimikatz-sekurlsa)
- [Crack NTLM hashes with hashcat](#crack-ntlm-hashes-with-hashcat)
- [Crack NTLM hashes with hashcat](#crack-ntlm-hashes-with-hashcat)
- [User Hunting](#user-hunting)
- [Password spraying](#password-spraying)
- [Password spraying](#password-spraying)
- [Kerberos pre-auth bruteforcing](#kerberos-pre-auth-bruteforcing)
- [Kerberos pre-auth bruteforcing](#kerberos-pre-auth-bruteforcing)
- [Spray a pre-generated passwords list](#spray-a-pre-generated-passwords-list)
- [Spray a pre-generated passwords list](#spray-a-pre-generated-passwords-list)
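Review bot: the new table-of-contents entry `- [User Hunting](#user-hunting)` matches the `### User Hunting` heading added later in this commit, but the rendered view has lost list indentation, so check that the new line is indented to the same level as the neighbouring `Password spraying` and `Kerberos pre-auth bruteforcing` entries; otherwise the entry will render one level up from the section it points to.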
@ -401,7 +402,7 @@ Replace the customqueries.json file located at `/home/username/.config/bloodhoun
#Find local admins on all machines of the domain:
#Find local admins on all machines of the domain:
Invoke-EnumerateLocalAdmin -Verbose
Invoke-EnumerateLocalAdmin -Verbose
#Find computers were a Domain Admin OR a spesified user has a session
#Find computers were a Domain Admin OR a specified user has a session
Invoke-UserHunter
Invoke-UserHunter
Invoke-UserHunter -GroupName "RDPUsers"
Invoke-UserHunter -GroupName "RDPUsers"
Invoke-UserHunter -Stealth
Invoke-UserHunter -Stealth
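Review bot: the typo fix on the PowerView comment line corrects "spesified" to "specified" but leaves "Find computers were a Domain Admin", which should be "where"; suggest fixing both in the same edit: `#Find computers where a Domain Admin OR a specified user has a session`.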
@ -1294,6 +1295,32 @@ $ python2 maskgen.py hashcat.mask --targettime 3600 --optindex -q -o hashcat_1H.
- [crackstation.net](https://crackstation.net)
- [crackstation.net](https://crackstation.net)
- [hashes.com](https://hashes.com/en/decrypt/hash)
- [hashes.com](https://hashes.com/en/decrypt/hash)
### User Hunting
Sometimes you need to find a machine where a specific user is logged in.
You can remotely query every machines on the network to get a list of the users's sessions.
* CrackMapExec
```ps1
cme smb 10.10.10.0/24 -u Administrator -p 'P@ssw0rd' --sessions
SMB 10.10.10.10 445 WIN-8OJFTLMU1IG [+] Enumerated sessions
SMB 10.10.10.10 445 WIN-8OJFTLMU1IG \\10.10.10.10 User:Administrator
```
* Impacket Smbclient
```ps1
$ impacket-smbclient Administrator@10.10.10.10
# who
host: \\10.10.10.10, user: Administrator, active: 1, idle: 0
```
* PowerView Invoke-UserHunter
```ps1
# Find computers were a Domain Admin OR a specified user has a session
Invoke-UserHunter
Invoke-UserHunter -GroupName "RDPUsers"
Invoke-UserHunter -Stealth
```
### Password spraying
### Password spraying
Password spraying refers to the attack method that takes a large number of usernames and loops them with a single password.
Password spraying refers to the attack method that takes a large number of usernames and loops them with a single password.
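Review bot: the CrackMapExec and Impacket smbclient blocks in the new "User Hunting" section are fenced as ```ps1 although they show Linux shell commands and output (`cme smb ...`, `$ impacket-smbclient ...`, `# who`); keep ```ps1 for the PowerView block only and use ```bash (or an untagged fence) for the other two so the highlighting matches the content. The PowerView snippet is copied verbatim from the existing Invoke-UserHunter block earlier in the same file, including the "Find computers were a Domain Admin" typo that should read "where"; consider linking to that block instead of duplicating it, or at least fix the typo in both places. Prose nits in the two intro sentences: "query every machines" should be "every machine" and "users's sessions" should be "users' sessions". The examples do follow the `Administrator` / `P@ssw0rd` / `10.10.10.x` conventions introduced by this commit's new PR guidelines, which is good.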
@ -50,7 +50,7 @@ You want more ? Check the [Books](https://github.com/swisskyrepo/PayloadsAllTheT
👨💻 Contributions
👨💻 Contributions
-----
-----
Be sure to read [CONTRIBUTING.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/CONTRIBUTING.md)
<p align="center">
<p align="center">
<a href="https://github.com/swisskyrepo/PayloadsAllTheThings/graphs/contributors">
<a href="https://github.com/swisskyrepo/PayloadsAllTheThings/graphs/contributors">