Linux

CrackMapExec

# Domain User Enumeration
sudo crackmapexec smb ip -u eren -p pass --users

# Domain Group Enumeration
sudo crackmapexec smb ip -u eren -p pass --groups

# Logged On Users
sudo crackmapexec smb ip -u eren -p pass --loggedon-users

# Share Enumeration
sudo crackmapexec smb ip -u eren -p pass --shares

# Spider_plus to spider each directory looking for files
sudo crackmapexec smb ip -u eren -p pass -M spider_plus --share 'Share'

SMBMap

# SMBMap To Check Access
smbmap -u eren -p pass -d DOMAIN.LOCAL -H ip

# Recursive List Of All Directories
smbmap -u eren -p pass -d DOMAIN.LOCAL -H ip -R 'Shares' --dir-only

rpcclient

# RPCClient User Enumeration By RID
queryuser 0x457

# List all users
enumdomusers

Impacket Toolkit

# Psexec.py
psexec.py domain.local/eren:'pass'@ip

# wmiexec.py
wmiexec.py domain.local/eren:'pass'@ip

Windapsearch

# Domain Admins
python3 windapsearch.py --dc-ip ip -u eren@domain.local -p pass --da

# Privileged Users
python3 windapsearch.py --dc-ip ip -u eren@domain.local -p pass -PU

Bloodhound.py

custom Cypher queries

# Executing BloodHound.py
sudo bloodhound-python -u 'eren' -p 'pass' -ns ip -d domain.local -c all

# Creating zip of json files
zip -r output.zip *.json

PreviousCredentialed Enumeration NextWindows

Last updated 3 years ago