From initial access to Domain Takeover in 10 minutes (More or less)
Рет қаралды 1,281
Күн бұрынThis video shows a complete domain takeover from initial access in form of a malicious LNK-file, coercing, relaying, ADCS abuse and DCSync.
Part 1 shows the attack through a firewall allowing TCP 445 out.
in Part 2 SMB out is blocked (as it should be), and showing a sneaky workaround using QUIC (UDP 443) instead
Tools used:
Chisel - github.com/jpi...
Lnk2pwn - github.com/it-...
Shellz - github.com/4nd...
Rubeus - github.com/Gho...
Proxychains - github.com/haa...
impacket-ticketConverter - github.com/for...
impacket-ntlmrelayx - github.com/for...
impacket-secretsdump - github.com/for...
impacket-addcomputer - github.com/for...
impacket-getTGT - github.com/for...
DFSCoerce - github.com/Wh0...
Evil-WinRM - github.com/Hac...
certipy - github.com/ly4...
ntlmQUIC - github.com/xpn...
gettgtpkinit - github.com/dir...
dnstool - github.com/dir...
@mcdazz2011 3 ай бұрын
Great video. 🙂
@ohmsohmsohms 28 күн бұрын
Nice vid :D
@null_1065 4 ай бұрын
I hope you are able to make more windcorp boxes sir, this video is very informative
@0xAkash_Sarkar 4 ай бұрын
Could you make a video for NS takeover?
@revdamage9430 4 ай бұрын
The certificate enum part is missing was it esc8 ?
@_4ndr34z 4 ай бұрын
Correct. esc8😊
@SolitaryElite 4 ай бұрын
why is bro so quiet 😭
@_4ndr34z 4 ай бұрын
There’re should be audio on this one?
@SolitaryElite 4 ай бұрын
@@_4ndr34z yes :))
Matt Brown
Рет қаралды 269 М.
Quantum Hacker
Рет қаралды 625