search

userEnumerating users (No credentials)

Seeking for a foothold heh?

hashtag
Kerbrute usernames

A tool to quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication.

LogoRelease v1.0.3 · ropnop/kerbruteGitHubchevron-right

hashtag
Getting users with impacket-lookupsid

hashtag
Crackmapexec rid-brute

hashtag
AS-REP Roasting

AS-REP roasting is an attack against Kerberos for user that don't require preauthentication During preauthentication, a user will enter their password which will be used to encrypt a timestamp and then the domain controller will attempt to decrypt it and validate that the right password was used and that it is not replaying a previous request. From there, the TGT will be issued for the user to use for future authentication. If preauthentication is disabled, an attacker could request authentication data for any user and the DC would return an encrypted TGT that can be brute-forced offline.

hashtag
Guest access smb share

First list all shares:

Connect to share:

hashtag
Enumerate LDAP

hashtag
Relay/poisoning

hashtag
AD-enumerator.py

Windows Active Directory enumeration tool for Linux, written in Python. Can be used to quickly enumerate popular services on a Windows Domain Controller.

LogoGitHub - 1ncendium/AD-Enumerator: Windows Active Directory enumeration tool for LinuxGitHubchevron-right

PreviousRequest SmugglingNextPrivilege Escalation

Last updated