Documentation Index
Fetch the complete documentation index at: https://rootea.es/llms.txt
Use this file to discover all available pages before exploring further.
APT
| · | · |
|---|---|
| Operating system | Windows |
| Difficulty | Insane |
| IP | 10.10.10.213 |
| Retirement date | — |
| Skills | RPC Enumeration Abusing RPC - IOXIDResolver.py (Obtaining the IPV6 machine address) Port scanning with nmap via ipv6 SMB enumeration via ipv6 Cracking ZIP file NTDS enumeration (secretsdump.py) Abusing Kerberos - Kerbrute (Valid user enumeration) SMB Hash Sprying Attempt (Our attack is blocked) PyKerbrute Script Manipulation - Adapting the script to our needs (Kerberos attack) Reg.py - Reading machine registers remotely (Registry Hives Enumeration) Abusing WinRM - Evil-WinRM WinPeas - System Enumeration Windows Defender Evasion Windows Defender Evasion - Bypass-4MSI to disable AMSI (Evil-WinRM) Windows Defender Evasion - Playing with Invoke-Binary to load an EXE into memory (Evil-WinRM) NTLM clients and services support NTLMv1 Collecting Net-NTLMv1 Hash via Responder (1122334455667788 Challenge) Cracking Hashes (Net-NTLMv1) [crack.sh] Secretsdump.py - Dumping the hashes for the rest of the AD users (Using the DRSUAPI method) |