diff --git a/c2/cobalt-strike.md b/c2/cobalt-strike.md index d905f4bb..b8b67c2e 100644 --- a/c2/cobalt-strike.md +++ b/c2/cobalt-strike.md @@ -216,7 +216,7 @@ Don't forget to load the aggressive script `ResourceKit\resources.cna` to indica cd C:\Tools\neo4j\bin neo4j.bat console http://localhost:7474/ --> Change password -execute-assembly C:\Tools\SharpHound3\SharpHound3\bin\Debug\SharpHound.exe -c All -d cyberbotic.io +execute-assembly C:\Tools\SharpHound3\SharpHound3\bin\Debug\SharpHound.exe -c All -d DOMAIN.LOCAL diff --git a/network-services-pentesting/pentesting-postgresql.md b/network-services-pentesting/pentesting-postgresql.md index 5f7e301d..2c41440c 100644 --- a/network-services-pentesting/pentesting-postgresql.md +++ b/network-services-pentesting/pentesting-postgresql.md @@ -61,9 +61,6 @@ SELECT usename, passwd from pg_shadow; #Check if plpgsql is enabled SELECT lanname,lanacl FROM pg_language WHERE lanname = 'plpgsql' - -# Sow installed extensions -SHOW rds.extensions ``` For more information about **how to abuse a PostgreSQL database** check: diff --git a/windows-hardening/active-directory-methodology/README.md b/windows-hardening/active-directory-methodology/README.md index c8477b7c..007002e5 100644 --- a/windows-hardening/active-directory-methodology/README.md +++ b/windows-hardening/active-directory-methodology/README.md @@ -403,7 +403,7 @@ For example you could: * Grant [**DCSync**](./#dcsync) privileges to a user ```powershell - Add-DomainObjectAcl -TargetIdentity "DC=SUB,DC=DOMAIN,DC=LOCAL" -PrincipalIdentity bfarmer -Rights DCSync + Add-DomainObjectAcl -TargetIdentity "DC=dev,DC=cyberbotic,DC=io" -PrincipalIdentity bfarmer -Rights DCSync ``` ### Silver Ticket diff --git a/windows-hardening/active-directory-methodology/external-forest-domain-one-way-outbound.md b/windows-hardening/active-directory-methodology/external-forest-domain-one-way-outbound.md index 0cd8e9ef..5c542f86 100644 
--- a/windows-hardening/active-directory-methodology/external-forest-domain-one-way-outbound.md +++ b/windows-hardening/active-directory-methodology/external-forest-domain-one-way-outbound.md @@ -33,16 +33,16 @@ WhenChanged : 2/19/2021 10:15:24 PM Get-DomainForeignGroupMember GroupDomain : root.local GroupName : External Users -GroupDistinguishedName : CN=External Users,CN=Users,DC=cyberbotic,DC=io +GroupDistinguishedName : CN=External Users,CN=Users,DC=DOMAIN,DC=LOCAL MemberDomain : root.io -MemberName : S-1-5-21-3022719512-2989052766-178205875-1115 -MemberDistinguishedName : CN=S-1-5-21-3022719512-2989052766-178205875-1115,CN=ForeignSecurityPrincipals,DC=cyberbotic,DC=io +MemberName : S-1-5-21-1028541967-2937615241-1935644758-1115 +MemberDistinguishedName : CN=S-1-5-21-1028541967-2937615241-1935644758-1115,CN=ForeignSecurityPrincipals,DC=DOMAIN,DC=LOCAL ## Note how the members aren't from the current domain (ConvertFrom-SID won't work) ``` ## Trust Account Attack -When an Active Directory domain or forest trust is set up from a domain _B_ to a domain _A_ (_**B**_\*\* trusts **\_**A**\_), a \_**trust account**\_** is created in domain **\_**A**\_**, named **\_**B$**\_. Kerberos \_**trust keys\*\*,\_ derived from the **trust account’s password**, are used for **encrypting inter-realm TGTs**, when users of domain A request service tickets for services in domain B. +When an Active Directory domain or forest trust is set up from a domain _B_ to a domain _A_ (_**B**_ trusts A), a trust account is created in domain **A**, named **B. Kerberos trust keys**,\_derived from the **trust account’s password**, are used for **encrypting inter-realm TGTs**, when users of domain A request service tickets for services in domain B. It's possible to obtain the password and hash of the trusted account from a Domain Controller using:
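Review bot: in the `c2/cobalt-strike.md` hunk the placeholder swap to `-d DOMAIN.LOCAL` is consistent with the rest of the patch, but the hunk-header context two lines above still reads `load the aggressive script`, where Cobalt Strike calls these Aggressor scripts (`.cna`); worth correcting to `aggressor script` while this block is being touched.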
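Review bot: in the `pentesting-postgresql.md` hunk the whole `SHOW rds.extensions` step is deleted with no reason given in the patch, which loses the extension-enumeration step rather than fixing its typo. If the problem was the comment, `# Sow installed extensions` should become `# Show installed extensions`; if the problem was that `rds.extensions` is a parameter that only exists on Amazon RDS, say so in the comment and keep a portable equivalent such as `SELECT extname, extversion FROM pg_extension;` alongside it.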
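Review bot: in the `active-directory-methodology/README.md` hunk the change runs in the opposite direction to every other hunk in this patch: `DC=SUB,DC=DOMAIN,DC=LOCAL` was already a neutral placeholder and is being replaced with the lab-specific `DC=dev,DC=cyberbotic,DC=io`, while the other files are scrubbing `cyberbotic.io` out. This looks like an accidental reversal; keep the `DC=SUB,DC=DOMAIN,DC=LOCAL` form, and consider replacing the lab username `bfarmer` with a placeholder (for example `<user>`) in the same line for consistency.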
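Review bot: in the `external-forest-domain-one-way-outbound.md` hunk the rewritten Trust Account Attack paragraph still has broken emphasis and drops the `$` from the trust account name: `named **B. Kerberos trust keys**,\_derived` should read `named **B$**. Kerberos **trust keys**, derived`. In the same hunk, the sample output now mixes `DC=DOMAIN,DC=LOCAL` in the distinguished names with the untouched `GroupDomain : root.local` and `MemberDomain : root.io`, and the SID is swapped for a different concrete SID rather than a placeholder such as `S-1-5-21-<domain>-1115`; pick one naming scheme for the whole block so the output reads as one coherent example.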