Skip to main content

Recently Updated Pages

Export a Proxmox VM to VirtualBox

Proxmox

Example VM I want to export the pfsense-deleteme VM and import it into VirtualBox. The procedure...

Updated 3 months ago by 0xBEN

xfreerdp

Active Directory Post Exploitation: Attacks

Usage and Help Display the xfreerdp man page man xfreerdp Display the xfreerdp help output on ...

Updated 3 months ago by 0xBEN

POP3

Mail Mapping Mailboxes with Mutt

Create the Config File nano ./username-muttrc You should only need to change the username, pass...

Updated 3 months ago by 0xBEN

IMAP

Mail Mapping Mailboxes with Mutt

Create the Config File nano ./username-muttrc You should only need to change the username, pass...

Updated 3 months ago by 0xBEN

Using Faketime for Ad-Hoc Kerberos Authentication

Active Directory Initial Attack Vectors

Installing Faketime sudo apt install faketime faketime -h This will run the specified 'progr...

Updated 4 months ago by 0xBEN

Extracting Kerberos AS-REQ Pre-Auth Hashes from PCAPs

Active Directory Post Exploitation: Enumeration

PCAP Analysis Note the existence of KRB5 protocol traffic on tcp/88, which is further identifi...

Updated 4 months ago by 0xBEN

Kerberos Pre-Auth Username Enumeration

Active Directory Initial Attack Vectors

How it Works We can send a request for a TGT --- without a pre-authentication hash --- to the Ke...

Updated 4 months ago by 0xBEN

NTLM Credential Stuffing (Internal/External)

Active Directory Initial Attack Vectors

NTLM Basic Authentication Could obtain a list of usernames via OSINT, or via something like RI...

Updated 4 months ago by 0xBEN

AS-REP Roasting (Internal/External)

Active Directory Initial Attack Vectors

AS-REP Roasting If Kerberos pre-authentication is disabled on a user account in Active Directory...

Updated 4 months ago by 0xBEN

NULL Session Enumeration (Internal/External)

Active Directory Initial Attack Vectors

NULL Session LDAP, SMB, and RPC may allow a user to authenticate to the service without providin...

Updated 4 months ago by 0xBEN

CrackMapExec

Active Directory Post Exploitation: Enumeration

When to Use Useful post-compromise if you've dumped hashes from SAM or LSASS or obtained clearte...

Updated 4 months ago by 0xBEN

GetUserSPNs.py

Active Directory Post Exploitation: Enumeration

When to Use Useful in post-compromise enumeration. If you acquire user passwords or hashes for a...

Updated 4 months ago by 0xBEN

GetADUsers.py

Active Directory Post Exploitation: Enumeration

When to Use Helpful in post-compromise enumeration. If you've compromised a domain-joined host, ...

Updated 4 months ago by 0xBEN

Dumping DNS Records with adidnsdump

Active Directory Post Exploitation: Enumeration

Active Directory Integrated DNS Dump (adidnsdump) GitHub Repository Installation python3 -m pi...

Updated 4 months ago by 0xBEN

LdapDomainDump

Active Directory Post Exploitation: Enumeration

When to Use    You'll know when you've found a domain controller, because it will have ...

Updated 4 months ago by 0xBEN

Remote Bloodhound

Active Directory Post Exploitation: Enumeration

GitHub Repo Prerequisites impacket ldap3 dnspython  Installation python3 -m pip insta...

Updated 4 months ago by 0xBEN

Enum4Linux

Active Directory Post Exploitation: Enumeration

Details Enum4linux is a tool for enumerating information from Windows and Samba systems. It at...

Updated 4 months ago by 0xBEN

LdapSearch

Active Directory Post Exploitation: Enumeration

When to Use  You'll know when you've found a domain controller, because it will have several por...

Updated 4 months ago by 0xBEN

PrintNightmare (Internal/External)

Active Directory Initial Attack Vectors

Remote Code Execution https://github.com/cube0x0/CVE-2021-1675 Contains full details on scannin...

Updated 4 months ago by 0xBEN

Manual Enumeration

Active Directory Post Exploitation: Enumeration

net.exe Drawbacks net does not show nested groups net only shows up to 10 groups even if a u...

Updated 4 months ago by 0xBEN