Category Security

Use Pass-the-Hash to exfil ntds.dit

If you have a hash for either a domain admin or a local admin on a domain controller, you can use mimikatz to exfil the entire Active Directory database. From mimikatz, run the following command to spawn a shell as…

sqlmap advanced tips and tricks

Today we’re going to look at using sqlmap when the target website uses base64 encoded parameters. For example, we have something like: http://<target>/products/article.php?art_id=<base64_encoded_value> In this case we have to “convince” sqlmap that when scanning, to use base64 for all payloads.…