characters to upper case ones 2. Pad password to 14 characters with NULL characters 3. Split the password to two 7-character chunks 4. Create two DES keys from each 7-character chunk 5. DES encrypt the string "KGS!@#$%" with these two chunks 6. Concatenate the two DES encrypted strings. This is the LM hash.
Spoofing - back to the past Resolve subdomain name (work for Win7) Incorrect subdomain name asdfa.domain.name Cookie Hijacking Session Fixation Set Cookie aaa.domain.name -> domain.name Cross-domain policies bypass *.domain.name Phishing
managing the configuration of both a user and computer in an enterprise Windows domain. DNS – Used to find the nearest domain controller RPC – Used to establish a secure channel with the domain controller make various RPC calls LDAP – Used to query the high level group policy configuration and which GPOs should be applied SMB – Used to get the full GPO content for each applicable GPO GPO with System privilege!
IPTables SMB ports and share - Samba ARP Spoofing - not included (use your favourite tool, e.g. arpspoof) Payloads - Metasploit or your custom binary Payload delivery method - Apache or SMB share https://github.com/whitel1st/GP_Hijack - 2 years ago
small segment of the network (like 4 IP) IPTables redirect all SMB traffic (yep, it’s too destructive) We need contributors, who know how we can find the packages at a low level by policy update signatures What do you want? It’s path of least resistance :)
https://habrahabr.ru/post/306810 W.I.T.C.H., you can test your VM Windows host: http://witch.valdikss.org.ru Dictionary for bruteforce https://weakpass.com Responder https://github.com/SpiderLabs/Responder GP_Hijack tool https://github.com/whitel1st/GP_Hijack