Here I keep my notes on the commands and tools/scripts used when pentesting Active Directory (AD) and Kerberos.
Reconnaissance Commands:
c:\> net user
c:\> whoami
c:\> whoami /groups
c:\> net user /domain
c:\> net user [username] /domain
Brute Force Active Directory:
msf > use auxiliary/scanner/smb/smb_login
mimikatz # lsadump::dcsync /domain:pentestlab.local /all /csv
Kerberos brute-force:
- kerbrute - Linux tool
- Rubeus - Windows tool
ASREPRoast and Kerberoasting
- GetNPUsers.py
- Rubeus
Cracking the AS-REP and TGS-REP hashes
- Hashcat
- John
Overpass The Hash/Pass The Key (PTK)
- getTGT.py
- Rubeus and PsExec
Pass The Ticket (PTT)
- tickey
- Mimikatz or Rubeus
Silver ticket and Golden ticket:
- ticketer.py
- Mimikatz, Rubeus and PsExec
Links: