GitBook: [#3580] No subject

2022-10-08 08:34:51 +00:00 · 2022-10-08 08:34:51 +00:00 · dcf87c69db
parent e5213fb8a7
commit dcf87c69db
4 changed files with 6 additions and 9 deletions
--- a/c2/cobalt-strike.md
+++ b/c2/cobalt-strike.md
@ -216,7 +216,7 @@ Don't forget to load the aggressive script `ResourceKit\resources.cna` to indica
 cd C:\Tools\neo4j\bin
 neo4j.bat console
 http://localhost:7474/ --> Change password
-execute-assembly C:\Tools\SharpHound3\SharpHound3\bin\Debug\SharpHound.exe -c All -d cyberbotic.io
+execute-assembly C:\Tools\SharpHound3\SharpHound3\bin\Debug\SharpHound.exe -c All -d DOMAIN.LOCAL



--- a/network-services-pentesting/pentesting-postgresql.md
+++ b/network-services-pentesting/pentesting-postgresql.md
@ -61,9 +61,6 @@ SELECT usename, passwd from pg_shadow;

 #Check if plpgsql is enabled
 SELECT lanname,lanacl FROM pg_language WHERE lanname = 'plpgsql'
-
-# Sow installed extensions
-SHOW rds.extensions
 ```

 For more information about **how to abuse a PostgreSQL database** check:
--- a/windows-hardening/active-directory-methodology/README.md
+++ b/windows-hardening/active-directory-methodology/README.md
@ -403,7 +403,7 @@ For example you could:
 *   Grant [**DCSync**](./#dcsync) privileges to a user

    ```powershell
-    Add-DomainObjectAcl -TargetIdentity "DC=SUB,DC=DOMAIN,DC=LOCAL" -PrincipalIdentity bfarmer -Rights DCSync
+    Add-DomainObjectAcl -TargetIdentity "DC=dev,DC=cyberbotic,DC=io" -PrincipalIdentity bfarmer -Rights DCSync
    ```

 ### Silver Ticket
--- a/windows-hardening/active-directory-methodology/external-forest-domain-one-way-outbound.md
+++ b/windows-hardening/active-directory-methodology/external-forest-domain-one-way-outbound.md
@ -33,16 +33,16 @@ WhenChanged     : 2/19/2021 10:15:24 PM
 Get-DomainForeignGroupMember
 GroupDomain             : root.local
 GroupName               : External Users
-GroupDistinguishedName  : CN=External Users,CN=Users,DC=cyberbotic,DC=io
+GroupDistinguishedName  : CN=External Users,CN=Users,DC=DOMAIN,DC=LOCAL
 MemberDomain            : root.io
-MemberName              : S-1-5-21-3022719512-2989052766-178205875-1115
-MemberDistinguishedName : CN=S-1-5-21-3022719512-2989052766-178205875-1115,CN=ForeignSecurityPrincipals,DC=cyberbotic,DC=io
+MemberName              : S-1-5-21-1028541967-2937615241-1935644758-1115
+MemberDistinguishedName : CN=S-1-5-21-1028541967-2937615241-1935644758-1115,CN=ForeignSecurityPrincipals,DC=DOMAIN,DC=LOCAL
 ## Note how the members aren't from the current domain (ConvertFrom-SID won't work)
 ```

 ## Trust Account Attack

-When an Active Directory domain or forest trust is set up from a domain _B_ to a domain _A_ (_**B**_\*\* trusts **\_**A**\_), a \_**trust account**\_** is created in domain **\_**A**\_**, named **\_**B$**\_. Kerberos \_**trust keys\*\*,\_ derived from the **trust account’s password**, are used for **encrypting inter-realm TGTs**, when users of domain A request service tickets for services in domain B.
+When an Active Directory domain or forest trust is set up from a domain _B_ to a domain _A_ (_**B**_ trusts A), a trust account is created in domain **A**, named **B. Kerberos trust keys**,\_derived from the **trust account’s password**, are used for **encrypting inter-realm TGTs**, when users of domain A request service tickets for services in domain B.

 It's possible to obtain the password and hash of the trusted account from a Domain Controller using: