Skip to content

Deepanjalkumar/Pentesting

Repository files navigation

Active directory

NTDS - ntds.dit which contain credentials for all user

NTDS

SYSVOL - Group policy preference which contain credential on group.xml file

Group Policy

USER, GROUP, OU AND CU

USER AND COMPUTER

GROUP - SALES

OU - US

CU- DEFAULT IN MOST CASE

kerberosting

1- KDC

2- TGT & TGS

3- SPN

ATTACKS : GETUSERSPN HTB.LOCAL/username:password -performing ldap search

          GETUSERSPN HTB.LOCAL/USERNAME:PASSWORD -REQUEST -----------THIS WILL GIVE THE NTLM HASH FOR THE SERVICE ACCOUNT WE CAN CRACK IT ONLINE 

Silver ticket - impersonate any user for that service

               step 1-: Perform kerberosting attack gain the password
               
               step 2-: Get ntlm hash for the service which we wanna compromise
               
               step 3-: Perform silver ticket attack.

Golden ticket - impersonate any user for anything that support kerberos.

               dump ntds.dit file using secretdump.py to get all hashes
               
               use krbtgt ntlm hash to impersonate whatever user you want.

About

No description, website, or topics provided.

Resources

License

Stars

1 star

Watchers

1 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages