AD and Kerberos PenTest

Here, I keep the notes on the commands and tools/scripts used for pentest on AD and Kerberos.  

 

Reconnaissance Commands:

c:\> net user

c:\> whoami

c:\> whoami /groups

c:\> net user /domain

c:\> net user [username] domain

Brute Force Active Directory:

msf > use auxiliary/scanner/smb/smb_login

mimikatz # lsadump::dcsync /domain:pentestlab.local /all /csv

 

Kerberos brute-force:

1. kerbrute - Linux tool
2. Rubeus - Windows module

ASREPRoast and Kerberoasting

1. GetNPUsers.py
2. Rubeus

Cracking the AS_REP and TGS

1. Hashcat
2. John

Overpass The Hash/Pass The Key (PTK)

1. getTGT.py
2. Rubeus and PsExec
   

 Pass The Ticket (PTT)

1.  tickey
2. Mimikatz or Rubeus
   

Silver ticket and Golden ticket:

1. ticketer.py
2. Mimikatz, Rubeus and PsExec

 

Links:

• Active Directory Penetration Testing Checklist
• AD Recon (GitHub)
  
• Kerberos (II): How to attack Kerberos?
• kerbrute (GitHub) 
• Rubeus (GitHub)