95 lines
1.4 KiB
Markdown
95 lines
1.4 KiB
Markdown
Got Persistence via (schtasks, bat schtasks, startup folder)
|
|
(screenshot)
|
|
|
|
---
|
|
|
|
(link important info in initialenum.md here)
|
|
|
|
---
|
|
|
|
# powerup.ps1/sharpup.exe notes.
|
|
|
|
(screenshot)
|
|
|
|
---
|
|
|
|
# kerberoast notes
|
|
|
|
- [ ] worked via rubeus
|
|
- [ ] worked via encrypted rubeus
|
|
- [ ] worked via netexec
|
|
|
|
|
|
(screenshot)
|
|
|
|
---
|
|
|
|
# password spray notes
|
|
|
|
worked via (exeasm nefariousspray | inline nefarious spray | powershell tool | other tool)
|
|
|
|
- [ ] useraspass
|
|
- [ ] Seasonyear!
|
|
- [ ] Service123!
|
|
- [ ] admin
|
|
- [ ] Admin
|
|
- [ ] Admin123!
|
|
- [ ] admin123
|
|
- [ ] admin1
|
|
- [ ] 1234567
|
|
- [ ] Seasonyear
|
|
- [ ] seasonyear!
|
|
- [ ] seasonyear
|
|
- [ ] COMPANYYEAR!
|
|
- [ ] COMPANYYEAR
|
|
- [ ] November2024!
|
|
- [ ] September2024!
|
|
- [ ] October2024!
|
|
- [ ] COMPANYfoundingyear!
|
|
- [ ] COMPANYfoundingyear
|
|
- [ ] COMPANYstreetnumber!
|
|
- [ ] COMPANYstreetnumber
|
|
- [ ] Password
|
|
- [ ] P@ssw0rd
|
|
- [ ] Password1!
|
|
- [ ] Password123!
|
|
- [ ] Passwordyear!
|
|
- [ ] P@55w0rd
|
|
- [ ] Service
|
|
- [ ] Service!
|
|
- [ ] Serviceyear!
|
|
|
|
---
|
|
|
|
# bloodhound notes
|
|
|
|
- [ ] worked via exeasm sharphound
|
|
- [ ] worked via inline sharphound
|
|
- [ ] worked via encrypted sharphound
|
|
- [ ] worked via rusthound
|
|
|
|
(notes about intial lateral movement paths)
|
|
|
|
(screenshot)
|
|
|
|
---
|
|
|
|
# portscan notes
|
|
|
|
- [ ] gathered via cobalt strike portscan
|
|
- [ ] host enumeration via cmd
|
|
- [ ] gathered via powershell
|
|
- [ ] gathered via nmap
|
|
- [ ] gathered via other tool (specify here)
|
|
|
|
(screenshot)
|
|
|
|
SSH count:
|
|
FTP count:
|
|
RDP count:
|
|
MSSQL count:
|
|
mysql count:
|
|
(continue as needed)
|
|
|
|
---
|