Jul 18, 2022

AD and Kerberos PenTest

Here I keep notes on the commands and tools/scripts used for pentesting AD and Kerberos.

 

Reconnaissance Commands:

c:\> net user

c:\> whoami

c:\> whoami /groups

c:\> net user /domain

c:\> net user [username] /domain

Brute Force Active Directory:

msf > use auxiliary/scanner/smb/smb_login

mimikatz # lsadump::dcsync /domain:pentestlab.local /all /csv

 

Kerberos brute-force:

  1. kerbrute - Linux tool
  2. Rubeus - Windows module

ASREPRoast and Kerberoasting

  1. GetNPUsers.py
  2. Rubeus

Cracking the AS_REP and TGS

  1. Hashcat
  2. John

Overpass The Hash/Pass The Key (PTK)

  1. getTGT.py
  2. Rubeus and PsExec

Pass The Ticket (PTT)

  1. tickey
  2. Mimikatz or Rubeus

Silver ticket and Golden ticket:

  1. ticketer.py
  2. Mimikatz, Rubeus and PsExec

 

Links: