SSRF exploiting WSGI

This commit is contained in:
Swissky
2020-01-05 22:11:28 +01:00
parent 3a9b9529cb
commit 71171fa78b
2 changed files with 52 additions and 4 deletions


@@ -540,10 +540,10 @@ Password spraying refers to the attack method that takes a large number of usern
Most of the time the best passwords to spray are :
- Password123
- Welcome1
- Password123, mimikatz
- Welcome1/Welcome01
- $Companyname1 : $Microsoft1
- SeasonYear : Winter2019*
- SeasonYear : Winter2019*,Spring2020!,Summer2018?
- Default AD password with simple mutations such as number-1, special character iteration (*,?,!,#)
#### Kerberos pre-auth bruteforcing
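Review bot: the commit title "SSRF exploiting WSGI" does not describe this hunk, which rewrites the password-spraying list in the Active Directory page; the commit message should name what actually changed so the history stays searchable. Within the list, the notation is mixed: "$Companyname1 : $Microsoft1" and "SeasonYear : Winter2019*,Spring2020!,Summer2018?" use a "pattern : example" form, while "Password123, mimikatz" and "Welcome1/Welcome01" are bare literals separated by a comma or slash. Pick one form, e.g. "Pattern : example1, example2", and apply it to every entry; the "mimikatz" item in particular reads as a tool name rather than a password value and needs a word of explanation if it is meant as one.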
@@ -1033,6 +1033,17 @@ ADACLScan.ps1 -Base "DC=contoso;DC=com" -Filter "(&(AdminCount=1))" -Scope subtr
### Trust relationship between domains
* One-way
* Domain B trusts A
* Users in Domain A can access resources in Domain B
* Users in Domain B cannot access resources in Domain A
* Two-way
* Domain A trusts Domain B
* Domain B trusts Domain A
* Authentication requests can be passed between the two domains in both directions
#### Enumerate trusts between domains
```powershell
nltest /trusted_domains
```
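Review bot: the nested bullets under "One-way" and "Two-way" render at the same level as their parents, so "Domain B trusts A" reads as a sibling of "One-way" rather than as its explanation; indent the sub-items (two spaces or a tab under each heading bullet). The direction wording should also be uniform: "Domain B trusts A" on one line and "Domain A trusts Domain B" on another; use "Domain B trusts Domain A" throughout so the trusting/trusted roles are unambiguous, since the one-way example depends on the reader getting the direction right.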
@@ -1047,6 +1058,19 @@ SourceName TargetName TrustType TrustDirection
domainA.local domainB.local TreeRoot Bidirectional
```
#### Exploit trusts between domains
:warning: Require a Domain-Admin level access to the current domain.
| Source | Target | Technique to use | Trust relationship |
|---|---|---|---|
| Root | Child | Golden Ticket + Enterprise Admin group (Mimikatz /groups) | Inter Realm (2-way) |
| Child | Child | SID History exploitation (Mimikatz /sids) | Inter Realm Parent-Child (2-way) |
| Child | Root | SID History exploitation (Mimikatz /sids) | Inter Realm Tree-Root (2-way) |
| Forest A | Forest B | PrinterBug + Unconstrained delegation ? | Inter Realm Forest or External (2-way) |
### Child Domain to Forest Compromise - SID Hijacking
Most trees are linked with dual sided trust relationships to allow for sharing of resources.
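Review bot: the "Forest A | Forest B" row carries a trailing "?" in "PrinterBug + Unconstrained delegation ?", which leaves the reader unsure whether the entry is confirmed or a guess; either drop the question mark or replace it with an explicit note such as "(unverified)". The warning line needs a grammar fix: ":warning: Requires Domain Admin-level access to the current domain." It would also help to state why the SID History rows stop at the forest boundary, namely that SID filtering on forest and external trusts discards foreign SIDs, which is the control defenders rely on and the reason the table switches technique for the cross-forest case.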
@@ -1498,4 +1522,5 @@ CME 10.XXX.XXX.XXX:445 HOSTNAME-01 [+] DOMAIN\COMPUTER$ 6b3723410a3c5
* [How to build a SQL Server Virtual Lab with AutomatedLab in Hyper-V - October 30, 2017 - Craig Porteous](https:/www.sqlshack.com/build-sql-server-virtual-lab-automatedlab-hyper-v/)
* [SMB Share SCF File Attacks - December 13, 2017 - @netbiosX](pentestlab.blog/2017/12/13/smb-share-scf-file-attacks/)
* [Escalating privileges with ACLs in Active Directory - April 26, 2018 - Rindert Kramer and Dirk-jan Mollema](https://blog.fox-it.com/2018/04/26/escalating-privileges-with-acls-in-active-directory/)
* [A Red Teamers Guide to GPOs and OUs - APRIL 2, 2018 - @_wald0](https://wald0.com/?p=179)
* [A Red Teamers Guide to GPOs and OUs - APRIL 2, 2018 - @_wald0](https://wald0.com/?p=179)
* [Carlos Garcia - Rooted2019 - Pentesting Active Directory Forests public.pdf](https://www.dropbox.com/s/ilzjtlo0vbyu1u0/Carlos%20Garcia%20-%20Rooted2019%20-%20Pentesting%20Active%20Directory%20Forests%20public.pdf?dl=0)
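Review bot: the "A Red Teamers Guide to GPOs and OUs" entry appears twice in this hunk; keep one copy. Two pre-existing context links are also malformed and could be fixed while touching this list: the sqlshack URL reads "https:/www.sqlshack.com/..." (single slash after the scheme) and the pentestlab entry "pentestlab.blog/2017/12/13/..." has no scheme at all, so neither will be clickable when rendered.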