CVSSv3: 7.5

CVE-2021-36942

Published: 12/08/2021
Updated: 28/12/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 448
CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

Windows LSA Spoofing Vulnerability

Vulnerable Products

Microsoft Windows Server 2008 R2

Microsoft Windows Server 2012 R2

Microsoft Windows Server 2016

Microsoft Windows Server 2008

Microsoft Windows Server 2012

Microsoft Windows Server 2019

Microsoft Windows Server 2016 (2004)

Microsoft Windows Server 2016 (20H2)

GitHub Repositories

Python implementation for PetitPotam

PetitPotam: Coerce NTLM authentication from Windows hosts. Installation: $ pip3 install impacket. Usage: usage: petitpotam.py [-h] [-debug] [-port [destination port]] [-pipe pipe] [-method method] [-target-ip ip address] [-hashes LMHASH:NTHASH] [-no-pass] [-k] [-dc-ip ip address] tar

A new way to replace PrintBug for local privilege escalation, mainly using the interface functions of the MS-EFSR protocol. Drawing on the use of the EFSR protocol in PetitPotam, a series of local rights escalation methods have been realized.

PetitPotam description: A new way to replace PrintBug for local privilege escalation, mainly using the interface functions of the MS-EFSR protocol. Drawing on the use of the EFSR protocol in PetitPotam, a series of local rights escalation methods have been realized. Use: PetitPotam provides the following interface functions for local

Efsr-Client (CVE-2021-36942): Local privilege escalation method which forces the LSASS.exe process to perform NTLM authentication using MS-EFSR's EfsRpcOpenFileRaw method. By default LSASS.exe takes the UNC host device name and makes a CreateFile operation to the \\<host>\pipe\srvsvc UNC path. This is exploited by supplying a UNC host device of with forwarded

PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.

PetitPotam: PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions :) The tool uses the LSARPC named pipe with interface c681d488-d850-11d0-8c52-00c04fd90f7e because it's more prevalent, but it's possible to trigger with the EFSRPC named pipe and interface df1941c5-fe89-4e79-bf10-463657acf44d. It doesn'

2023 MSU REU Graph DB: This project is a docker-based web application to enhance analysis and mitigation, called Security System Plan Manager (SSPM). From a unique list of CVEs/CWEs generated with a static analysis tool, this project produces a comprehensive list of attack paths present and security controls recommended for the system. SSPM can be used to know which NIST

More EFS coerced-authentication methods with PetitPotam.py

RDP Breaker Tool. Authors: @samir. Key Features: Fetch RDP Hosts: the tool allows users to specify the number of RDP hosts they want to fetch for further assessment. Masscan Integration: users can choose to use masscan, a fast port scanning tool, to identify hosts with open RDP ports. Metasploit Integration: users can choose to use Metasploit, a popular penetration

ADTech: Notes, a penetration-testing methodology for detecting anomalies, and a list of tools, scripts and Windows commands that I find useful during INPT/AS/RED TEAMING. Table of contents: Attack 1: PetitPotam - NTLMv1 relay attack. Attack 2: Unauthenticated AD enumeration using MITM6. Attack 3: Exploiting ADCS ESC8. Attack 4: Adding a new computer to AD with

INTRODUCTION TO ACTIVE DIRECTORY: xfreerdp /v:10129202146 /u:htb-student_adm /p:Academy_student_DA! For this module we will carry out the tasks that someone administering an Active Directory would do. First: xfreerdp /v:10129202146 /u:htb-student_adm /p:Academy_student_DA! Structure: the basic structure of Active Directory is the FOREST (which

Basic Tools (Command: Description)
General
  sudo openvpn user.ovpn: Connect to VPN
  ifconfig / ip a: Show our IP address
  netstat -rn: Show networks accessible via the VPN
  ssh user@10101010: SSH to a remote server
  ftp 1012942253: FTP to a remote server
tmux
  tmux: Start tmux
  ctrl+b: tmux default prefix
  prefix c: tmux new window
  prefix 1: tmux switch to windo

Recent Articles

LockFile: Ransomware Uses PetitPotam Exploit to Compromise Windows Domain Controllers
Symantec Threat Intelligence Blog • Threat Hunter Team • 20 Aug 2024

Previously unseen ransomware hit at least 10 organizations in ongoing campaign.

Posted: 20 Aug, 2021. What appears to be a new ransomware family is being used to target victims in various industries around the globe. The LockFile ransomware was first observed on the network of a U.S. financial organiz...

Microsoft Patch Tuesday bug drought: No, it's not climate change or unexpected code quality improvements
The Register • Thomas Claburn in San Francisco • 10 Aug 2021

It's just temporary relief from the typical monthly repair routine

Now is the winter of our discontent made glorious summer by the fact that it's August and Patch Tuesday brings word of only 44 vulnerabilities in Microsoft's software. No doubt there are more flaws to be found but for now Redmond's customers can enjoy a relatively light load of fixes. In fact you'd have to go back to December 2019 to find a more meager bug harvest. There's a bit of selective counting here however, given that Microsoft has been patching Edge's Chromium bugs separately. Among Tues...