mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-28 15:41:34 +00:00
Merge branch 'carlospolop:master' into master
This commit is contained in:
commit
f0b08451d9
2 changed files with 4 additions and 4 deletions
|
@ -19,7 +19,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
|||
## Basic Information
|
||||
|
||||
Firstly, Kerberos is an authentication protocol, not authorization. In other words, it allows to identify each user, who provides a secret password, however, it does not validates to which resources or services can this user access.\
|
||||
Kerberos is used in Active Directory. In this platform, Kerberos provides information about the privileges of each user, but it is responsability of each service to determine if the user has access to its resources.
|
||||
Kerberos is used in Active Directory. In this platform, Kerberos provides information about the privileges of each user, but it is the responsability of each service to determine if the user has access to its resources.
|
||||
|
||||
**Default Port:** 88/tcp/udp
|
||||
|
||||
|
@ -56,7 +56,7 @@ Entry_1:
|
|||
Description: Notes for Kerberos
|
||||
Note: |
|
||||
Firstly, Kerberos is an authentication protocol, not authorization. In other words, it allows to identify each user, who provides a secret password, however, it does not validates to which resources or services can this user access.
|
||||
Kerberos is used in Active Directory. In this platform, Kerberos provides information about the privileges of each user, but it is responsability of each service to determine if the user has access to its resources.
|
||||
Kerberos is used in Active Directory. In this platform, Kerberos provides information about the privileges of each user, but it is the responsability of each service to determine if the user has access to its resources.
|
||||
|
||||
https://book.hacktricks.xyz/pentesting/pentesting-kerberos-88
|
||||
|
||||
|
|
|
@ -439,7 +439,7 @@ In **kali** it is located on /usr/share/doc/python3-impacket/examples/
|
|||
|
||||
```bash
|
||||
nmap --script smb-brute -p 445 <IP>
|
||||
ridenum.py <IP> 500 50000 /root/passwds.txt #Get usernames bruteforcing that rids and then try to bruteforce eachusername
|
||||
ridenum.py <IP> 500 50000 /root/passwds.txt #Get usernames bruteforcing that rids and then try to bruteforce each user name
|
||||
```
|
||||
|
||||
## SMB relay attack
|
||||
|
@ -451,7 +451,7 @@ This attack uses the Responder toolkit to **capture SMB authentication sessions*
|
|||
|
||||
The Windows library URLMon.dll automatically try to authenticaticate to the host when a page tries to access some contect via SMB, for example: `img src="\\10.10.10.10\path\image.jpg"`
|
||||
|
||||
This happens with the funcions:
|
||||
This happens with the functions:
|
||||
|
||||
* URLDownloadToFile
|
||||
* URLDownloadToCache
|
||||
|
|
Loading…
Reference in a new issue