Alessandro Iandoli

@m3rcer the two sessions you spawned are on the same machine?

Both of them are HTTP sessions?

@dhauenstein for the moment did you give a look at pezor project https://github.com/phra/PEzor (a reference to pezor is present in sliver documentation)? A way to customize would be as you...

So maybe it would be possible to let the sliver-server make an api call to the external builder. The api call is implemented as a rest API that is offered...

Oh excellent! And thanks for last modifications to RportFwd variables, i didn't notice the inconsistent naming.

Thanks for your reply. I found a tool that checks for CVE-2019-1166 at this link https://github.com/preempt/ntlm-scanner (i think created by who discovered mic related vulnerabilities). Here you can find a...

Hey i think I finally found the way to exploit CVE-2019-1166 and successfully bypass MIC. It seems that by injecting an MsvAvFlags attribute with value 0x0 but with length 0x8,...

Hi @martingalloar! To be honest I find some issues when I try relaying from SMB to SMB. In addition both the victim client and victim server have to be vulnerable...

Hey @T3KX I've checked right now with my configuration and delegation rights were modified successfully even by relaying to ldap.  Here it is the command used to create the...

No worries @T3KX, actually you made me discover a new feature of ntlmrelayx. So thanks to you :)