Edit

๐Ÿ”งTesting Active Directory

Tools

LogoGitHub - MichaelGrafnetter/DSInternals: Directory Services Internals (DSInternals) PowerShell Module and FrameworkGitHub

Load DSInternals using Powershell

Install Impacket in Linux

Install BloodHound in Linux

Install Kerbrute

LogoGitHub - ropnop/kerbrute: A tool to perform Kerberos pre-auth bruteforcingGitHub

Install Crackmapexec

Logocrackmapexec | Kali Linux ToolsKali Linux

Extract the AD hashes

Password spraying Active Directory

LogoGitHub - dafthack/DomainPasswordSpray: DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!GitHub

Kerberos brute-forcing attacks

Kerbrute

LogoGitHub - ropnop/kerbrute: A tool to perform Kerberos pre-auth bruteforcingGitHub

Username Enumeration

Password Attack

CrackMapExec to access and enumerate AD

Pass The Hash Attack

Investigate the SYSVOL share

LogoUnsecured Credentials: Group Policy Preferences, Sub-technique T1552.006 - Enterprise | MITRE ATT&CKยฎattack.mitre.org

Retrieve a File

Take advantage of legacy data

Jxplorer

  • Open Jxplorer

  • Enter username and password

  • Select a user

  • Select Table Editor Column at the right hand side

  • Decode the Info value (base64 encoded)

Decode Base64 value

PreviousIntroduction to IdentitiesNextAdvanced Penetration Testing

Last updated

Was this helpful?