|
|
@@ -7,9 +7,7 @@ tags: [windows, security, network, AD]
|
|
|
Internal Network Audit
|
|
|
|
|
|
## Low Hanging Fruits
|
|
|
-{% hint style="info" %}
|
|
|
-Hello world
|
|
|
-{% endhint %}
|
|
|
+
|
|
|
### AD User Details
|
|
|
|
|
|
* Get domain password policy
|
|
|
@@ -124,6 +122,7 @@ sh> responder.py -c config -I eth0
|
|
|
* `-p <password>` can be replaced with `-H <hash>` for PtH Attacks
|
|
|
* CME will print `(pwn3d)` once a user has write access to `C$` or `ADMIN$`
|
|
|
* Enumerating SMB shares and saving ips where SMB signing is disabled
|
|
|
+
|
|
|
```
|
|
|
sh> cme smb <cidr> --gen-relay-list targets.txt
|
|
|
|
Marius Schwarz