AD Enumeration
Remote AD Enumeration - https://github.com/UserExistsError/adenum.py
Enumeration via COM objects - https://www.mandiant.com/resources/blog/hunting-com-objects
[ File transfer ]
Portable Python - https://sourceforge.net/projects/portable-python/ [ can install with admin privilege ]
IP address and their subnet mask:
Run ipconfig /all
Get the mask details and find the mask value using the image below.
Stealing NTLM hashes: a vulnerability based on SMB signing not being required - https://infosecwriteups.com/abusing-ntlm-relay-and-pass-the-hash-for-admin-d24d0f12bea0
ADRecon Tools:
-- https://book.hacktricks.xyz/windows-hardening/active-directory-methodology/bloodhound
Bloodhound custom queries
Cheatsheet https://wadcoms.github.io/ https://gtfobins.github.io/ https://lolbas-project.github.io/#
Hashes and tickets - https://dmcxblue.net/2021/07/18/playing-with-hashes-and-tickets/
smbexec - https://dmcxblue.net/2021/02/20/a-dive-on-smbexec/
fileless malware - https://dmcxblue.net/2021/08/30/fileless-malware/
ACL Abuse