Active Directory Security
PRACTICE! PRACTICE! PRACTICE!
Enumerating the usernames first!
If the anonymous user has READ permissions over the IPC$ share, then
Meanwhile, run enum4linux in the background
If rpcclient allows anonymous login, then
AS-REP Roasting
After finding valid usernames, try to check if there is any way to AS-REP roast
After Having Creds
Enumerate Shares with those creds -
cme
Try dumping the secrets with it -
impacket-secretsdump
Try dumping the SAM and LSASS -
crackmapexec
Check for winrm, smb and other services till it gets Pwn3d