Enumeration
NMAP
AD ENUM
My own tool: https://github.com/S12cybersecurity/AD-Pentest
I try to get users from this domain with module users
RPC Blocked but LookUPSID works!!
ASREPRoasting attack!!
I have credentials:
I can't access with EVIL-WINRM, i need BloudHound:
Bloodhound
I upload in bloodhound GUI:
I put my user:
I can change password to audit2020 user:
New password is 'Password123'
I found new SMB Folders
I found one interesting file named lsass.zip
I run pypykatz and i found hash
I can connect with evil-winrm
I have user.txt
Privilieges...
PERFECT!! SeBackupPriviliege...
