Checking Credentials (Domain)
Authentication
- Failed logins result in a [-]
- Successful logins result in a [+] Domain\Username:Password
{% hint style="info" %}
When code execution is possible, (Pwn3d!) is appended after the login confirmation. With the SMB protocol, this most likely means the compromised user is in the local administrators group.
{% endhint %}
SMB <target> 445 HOSTNAME [+] <domain>\<username>:<password> (Pwn3d!)
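
An added example (not part of the NetExec documentation or code base): a small Python parser that classifies result lines in the format shown above as failed, valid, or admin, for instance to list in a findings report which hosts a tested account has local administrator rights on. The sample lines, host names and function names are constructed for illustration.

```python
import re

# Constructed sample lines in the format shown above; addresses, host names,
# the account and the password are made up for this example.
SAMPLE = r"""
SMB 192.0.2.10 445 DC01 [+] corp.local\alice:Summer2024! (Pwn3d!)
SMB 192.0.2.11 445 FS01 [+] corp.local\alice:Summer2024!
SMB 192.0.2.12 445 WS07 [-] corp.local\alice:Summer2024!
SMB 192.0.2.13 445 WS08 [*] informational line, not a login result
"""

# protocol, target, port, hostname, [+]/[-], domain\user:secret [marker]
LINE_RE = re.compile(
    r"^(?P<proto>\S+)\s+(?P<target>\S+)\s+(?P<port>\d+)\s+(?P<host>\S+)\s+"
    r"\[(?P<mark>[+-])\]\s+(?P<domain>[^\\\s]+)\\(?P<user>[^:\s]+):(?P<rest>.*)$"
)
ADMIN_MARK = "(Pwn3d!)"


def parse_line(line):
    """Return a dict for a login result line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    if m.group("mark") == "-":
        status = "failed"
    elif m.group("rest").rstrip().endswith(ADMIN_MARK):
        status = "admin"   # login confirmed and code execution possible
    else:
        status = "valid"   # login confirmed, no admin marker
    # The password or hash is deliberately dropped so the summary can be
    # pasted into a report without carrying secrets along.
    return {
        "target": m.group("target"),
        "host": m.group("host"),
        "account": m.group("domain") + "\\" + m.group("user"),
        "status": status,
    }


def summarize(text):
    """Parse every line and keep only the login results."""
    return [r for r in map(parse_line, text.splitlines()) if r is not None]


def admin_hosts(results):
    """Host names where the account was reported with the admin marker."""
    return sorted(r["host"] for r in results if r["status"] == "admin")
```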
The following checks will attempt authentication against the entire /24, though a single target may also be used.
{% hint style="warning" %}
If NTLM authentication is not available, Kerberos requires the hostname and domain name instead of an IP address.
{% endhint %}
User/Password
nxc smb <target> -u <username> -p <password>
User/Hash
After obtaining credentials such as\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:13b29964cc2480b4ef454c59562e675c:::\
you can use either the full hash or just the NT hash (the second half).
nxc smb <target> -u <username> -H <ntlm-hash>
nxc smb <target> -u <username> -H <nt-hash>
nxc smb <target> -u Administrator -H <nt-hash>
nxc smb <target> -u Administrator -H <ntlm-hash>