Added Windows enumeration details.

gurkenhabicht 2025-05-21 17:27:29 +02:00
parent dedafc3c94
commit 9be912401b
5 changed files with 98 additions and 13 deletions

View File

@ -0,0 +1,12 @@
# AS-Rep Roating
AS-Rep Roasting dumps user accounts which did not enable pre-authentication.
This is somewhat similar to Kerberoasting but includes user accounts as well.
## Usage
Impacket got `GetNPUsers` to check non pre-authenticated user accounts and find credentials.
```sh
impacket-GetNPUsers $TARGET_DOMAIN/ -dc-ip $TARGET_DC_IP -usersfile $USERS_FILE -format hashcat -outputfile hashes.txt -no-pass
```
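Review bot: the heading misspells the technique ("AS-Rep Roating") while the sentence below it already has "Roasting"; fix the heading to match. The description is also imprecise: `GetNPUsers` does not dump accounts, it requests an AS-REP for each name in `$USERS_FILE` whose account has "Do not require Kerberos preauthentication" set and writes the encrypted part of the reply in a crackable format (that is what `-format hashcat -outputfile hashes.txt` is for; hashcat mode 18200). The comparison to Kerberoasting reads backwards as written: Kerberoasting cracks TGS tickets for accounts that have an SPN, AS-REP roasting cracks AS-REP responses for accounts without pre-auth, so "includes user accounts as well" should say that instead. Worth one line of usage context: with `-no-pass` and no credentials you cannot query the flag over LDAP, so the user list has to come from elsewhere, and the output still needs an offline cracking step.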

View File

@ -1,18 +1,23 @@
# Powershell Usage # Powershell Usage
## Get-Help ## Get-Help
``` ```
Get-Help Command-Name Get-Help Command-Name
``` ```
* Show examples
Show examples
``` ```
Get-Help Command-Name -Examples Get-Help Command-Name -Examples
``` ```
* Get-Command gets all the cmdlets installed on the current Computer. Get-Command gets all the cmdlets installed on the current Computer.
``` ```
Get-Command Get-Command
``` ```
``` ```
Get-Command Verb-* Get-Command Verb-*
Get-Command Invoke-* Get-Command Invoke-*
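Review bot: the edit drops the `*` bullet before "Show examples" and before the `Get-Command` sentence, but the `first`/`last`/`unique` items further down in this file keep their bullets, so the page now mixes bare sentences and list items for the same kind of note; pick one style. While touching the `Get-Command` line: it does not return only cmdlets, it lists every command available in the session (cmdlets, functions, aliases, scripts and applications); say "commands", or show `Get-Command -CommandType Cmdlet` if cmdlets are really what is meant.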
@ -20,19 +25,23 @@ Get-Command Get-*
``` ```
## Passing Output via Pipe ## Passing Output via Pipe
* A pipe passes object including methods and attributes.
A pipe passes object including methods and attributes.
``` ```
Verb-Noun | Get-Member Verb-Noun | Get-Member
``` ```
``` ```
Get-Command | Get-Member -MemberType Method Get-Command | Get-Member -MemberType Method
``` ```
## Creating Objects from Previous Cmdlets ## Creating Objects from Previous Cmdlets
``` ```
Get-ChildItem | Select-Object -Property Mode, Name Get-ChildItem | Select-Object -Property Mode, Name
``` ```
* first - gets the first x object * first - gets the first x object
* last - gets the last x object * last - gets the last x object
* unique - shows the unique objects * unique - shows the unique objects
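Review bot: "A pipe passes object including methods and attributes" should read "objects" and, in PowerShell terms, "methods and properties" (that is how `Get-Member` labels them, and the `-MemberType Method` example two lines later only makes sense with that vocabulary). The three bullets after the `Select-Object` example name parameters without saying which cmdlet they belong to or how they are written; suggest `* -First n - gets the first n objects` and so on, with one concrete call such as `Get-ChildItem | Select-Object -Property Mode, Name -First 5` so a reader knows they are `Select-Object` switches and not separate commands.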

View File

@ -0,0 +1,9 @@
# Registry Enumeration
## Usage
Query keys including the string `password` via `reg`.
```sh
reg query HKLM /f "password" /t REG_SZ /s
```
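Review bot: this new file duplicates the "Search for Passwords" section that the same commit adds to the Windows Registry page with the identical `reg query HKLM /f "password" /t REG_SZ /s` line; keep it in one place and link or reference it from the other. On the command itself: `/f "password"` without `/k` or `/v` matches key names, value names and value data, and `/t REG_SZ` drops anything stored as `REG_EXPAND_SZ` or `REG_MULTI_SZ`, so the line is narrower than "query keys including the string password" suggests. A note that `HKCU` is worth the same search, and that a recursive `HKLM` walk is slow and noisy, would help.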

View File

@ -1,16 +1,61 @@
# Add user as system user # Users
## List Users
List local users
```
net user
```
List users of the domain
```
net user /domain
```
Get more information about a user
```
net user Administrator /domain
```
## List Groups
List local groups
```
net localgroup
```
List groups of the domain
```
net group /domain
```
Get more information about a group
```
net group Administrator /domain
```
## Add user as system user
```sh ```sh
net user <username> <password> /add net user <username> <password> /add
``` ```
```sh ```sh
net localgroup Administrator <username> /add net localgroup Administrator <username> /add
``` ```
```sh ```sh
net localgroup "Remote Management Users" <username> /add net localgroup "Remote Management Users" <username> /add
``` ```
```sh ```sh
net user <username> net user <username>
``` ```
* connect via winRM
connect via winRM afterwards using the new user
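Review bot: two of the example commands use the wrong name. `net group Administrator /domain` queries a domain global group called "Administrator", which does not exist by default (that is the built-in user); `net group "Domain Admins" /domain` is the usual example. Likewise `net localgroup Administrator <username> /add` in the unchanged context below targets a local group named "Administrator"; the built-in group is "Administrators" (plural), so the command fails as written. The heading "Add user as system user" also oversells the result: membership in Administrators gives a local administrator, not SYSTEM; "Add a local administrator" is accurate. Finally, the `/domain` variants only work from a domain-joined host that can reach a DC; a short note on that would save someone a confusing error.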

View File

@ -1,7 +1,17 @@
# Windows Registry # Windows Registry
## AutoLogin Password ## AutoLogin Password
* Automatic logon password is save in plaintext
Automatic logon password is save in plaintext
``` ```
reg query "HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon" reg query "HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon"
``` ```
## Search for Passwords
Use `reg` to search for passwords inside Keys of the registry via the following line.
```
reg query HKLM /f "password" /t REG_SZ /s
```
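Review bot: the Winlogon key in the unchanged line above is misspelled: the path is `HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon` (with a space in "Windows NT"); as written the query returns nothing. The values to look at there are `AutoAdminLogon`, `DefaultUserName` and `DefaultPassword`; naming them makes the "saved in plaintext" sentence concrete (also "is save" should be "is saved"). The new "Search for Passwords" section repeats the `reg query HKLM /f "password" /t REG_SZ /s` line that this commit also adds as a standalone Registry Enumeration file; keep one copy. And "inside Keys" is inaccurate for `/f` without `/k` or `/v`: it matches key names, value names and data, while `/t REG_SZ` excludes `REG_EXPAND_SZ` and `REG_MULTI_SZ` values.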