Edit

🕵️Enumeration

Scan The Target using Nmap

nmap <IP addr>
nmap -sV <IP addr>

Get The NetBIOS Domain Name

enum4linux <IP addr>

Get The NetBIOS Domain Name using Metasploit

msfconsole

use auxiliary/scanner/smb/smb_version

show options

set RHOSTS <IP addr>

run

User Enumeration

LogoGitHub - ropnop/kerbrute: A tool to perform Kerberos pre-auth bruteforcingGitHub

Enumerate Valid Usernames

./kerbrute_linux_amd64 userenum -d lab.ropnop.com --dc <domain IP address> usernames.txt

SMB Share Enumeration

SMBClient

List Shares

sudo smbclient -U spookysec.local/svc-admin -L //<IP address>

Access a Share

sudo smbclient -U spookysec.local/svc-admin //<IP address>/backup

PreviousHacking Active Directory EnvironmentNextExploitation

Last updated

Was this helpful?