This video shows a complete domain takeover: initial access via a malicious LNK file, authentication coercion, NTLM relaying, ADCS abuse and DCSync.
Part 1 shows the attack through a firewall that allows TCP 445 outbound.
In Part 2, outbound SMB is blocked (as it should be), and a sneaky workaround using SMB over QUIC (UDP 443) is shown instead.
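The point of Part 2 is that an egress policy which only blocks TCP 445 still lets SMB leave the network, because SMB over QUIC is carried on UDP 443. The following is an added example (not from the video or any of the listed tools) that evaluates constructed, first-match egress rule sets against the two flows a relay chain needs; the rule sets and the `Rule` class are assumptions made up for illustration.

```python
"""Egress-policy check for SMB (TCP 445) vs. SMB over QUIC (UDP 443).

Added example, not part of the video. All rule sets are constructed for
illustration; semantics: first matching rule wins, implicit default deny.
"""
from dataclasses import dataclass
from typing import Optional, List, Dict


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None matches any destination port


# Flows an NTLM coercion/relay chain needs to reach the attacker box:
# classic SMB on TCP 445, and SMB over QUIC on UDP 443.
SMB_TCP = ("tcp", 445)
SMB_QUIC = ("udp", 443)


def egress_allowed(rules: List[Rule], proto: str, dport: int) -> bool:
    """Return True if the first matching rule allows the flow; deny if none match."""
    for r in rules:
        if r.proto in ("any", proto) and r.dport in (None, dport):
            return r.action == "allow"
    return False


def smb_exposure(rules: List[Rule]) -> Dict[str, bool]:
    """Which of the two SMB egress paths the policy leaves open."""
    return {
        "smb_tcp445": egress_allowed(rules, *SMB_TCP),
        "smb_quic_udp443": egress_allowed(rules, *SMB_QUIC),
    }


# Constructed policies mirroring the two parts of the video (assumptions):
# Part 1: SMB out is open.
PART1 = [Rule("allow", "tcp", 445), Rule("allow", "tcp", 443), Rule("allow", "udp", 443)]
# Part 2: TCP 445 blocked, but UDP 443 still allowed (common, since HTTP/3 uses it).
PART2 = [Rule("deny", "tcp", 445), Rule("allow", "tcp", 443), Rule("allow", "udp", 443)]
# Hardened: UDP 443 denied as well, so SMB over QUIC has no egress path either.
HARDENED = [Rule("deny", "tcp", 445), Rule("deny", "udp", 443), Rule("allow", "tcp", 443)]

if __name__ == "__main__":
    for name, policy in (("part1", PART1), ("part2", PART2), ("hardened", HARDENED)):
        print(name, smb_exposure(policy))
```

Denying UDP 443 outright also breaks HTTP/3, so in practice the hardened variant is usually "UDP 443 only to an explicit allow-list" or forcing all web egress through a proxy that does not speak QUIC; the check above makes the gap visible either way.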
Tools used:
Chisel - github.com/jpi...
Lnk2pwn - github.com/it-...
Shellz - github.com/4nd...
Rubeus - github.com/Gho...
Proxychains - github.com/haa...
impacket-ticketConverter - github.com/for...
impacket-ntlmrelayx - github.com/for...
impacket-secretsdump - github.com/for...
impacket-addcomputer - github.com/for...
impacket-getTGT - github.com/for...
DFSCoerce - github.com/Wh0...
Evil-WinRM - github.com/Hac...
certipy - github.com/ly4...
ntlmQUIC - github.com/xpn...
gettgtpkinit - github.com/dir...
dnstool - github.com/dir...