DEMO
ENUMERATION
NMAP
Kerberos User Enum
User fsmith doesn't need a password, so let's crack it!
I copy the hash you can see in the last screenshot and put it in a hash file.
I have the first credentials!
Verify the credentials:
Let's go!!
SecretsDump doesn't work:
GetUserSPNs
This means I can generate a ticket for user hsmith.
But it doesn't work.
It's time to connect over WinRM.
I run WinPEASx64.exe. I recommend this tool, it's amazing: https://github.com/carlospolop/PEASS-ng/
I found credentials with WinPEAS.
Use the real username and the credentials are valid.
I use secretsdump:
WORKS!!!
I try Pass the Hash with the admin account.
PWNED!!
DONE
Thanks