Linux
CrackMapExec
# CrackMapExec authenticated SMB enumeration. 'ip', 'eren' and 'pass' are
# placeholders for the target address, a domain account and its password.
# NOTE: -p puts the password in argv, so it ends up in shell history, is
# visible in the process list, and (because of sudo) is written to the sudo log.
# Domain User Enumeration
sudo crackmapexec smb ip -u eren -p pass --users
# Domain Group Enumeration
sudo crackmapexec smb ip -u eren -p pass --groups
# Logged On Users: sessions on the addressed host only, not domain-wide
# (typically needs local admin rights on that host -- confirm per target)
sudo crackmapexec smb ip -u eren -p pass --loggedon-users
# Share Enumeration: lists the shares and the access this account has to each
sudo crackmapexec smb ip -u eren -p pass --shares
# spider_plus module: walks the named share and records the files it finds.
# 'Share' is a placeholder, quoted because share names can contain spaces.
# Each directory is opened over SMB, so a server with detailed file-share
# auditing enabled logs a burst of accesses from this one account.
sudo crackmapexec smb ip -u eren -p pass -M spider_plus --share 'Share'
SMBMap
# SMBMap To Check Access: shows each share on host 'ip' with the permissions
# the account holds; -d names the domain the account belongs to.
# NOTE: as with any -p on the command line, the password is exposed in shell
# history and the process list.
smbmap -u eren -p pass -d DOMAIN.LOCAL -H ip
# Recursive List Of All Directories: -R recurses into the named share
# ('Shares' is a placeholder) and --dir-only omits files from the output.
smbmap -u eren -p pass -d DOMAIN.LOCAL -H ip -R 'Shares' --dir-only
rpcclient
# The two lines below are rpcclient commands, entered at the rpcclient prompt
# after a session to the target is open; they are not shell commands.
# RPCClient User Enumeration By RID: 0x457 is the RID in hex (1111 decimal);
# the RIDs to query come from the enumdomusers output shown next.
queryuser 0x457
# List all users: prints each account name together with its RID
enumdomusers
Impacket Toolkit
# Impacket target syntax is domain/user:'password'@host. The inline password
# is exposed in shell history and the process list; Impacket prompts for it
# when the ':password' part is left out.
# Psexec.py: needs local admin on the target. It uploads a service binary to
# a writable admin share and registers it as a service, so the shell runs as
# SYSTEM. Detection: service-install events in the System log and an
# unexpected executable appearing in the admin share.
psexec.py domain.local/eren:'pass'@ip
# wmiexec.py: runs commands through WMI as the authenticating user (not
# SYSTEM) in a semi-interactive shell. No service is installed, but each
# command starts a new process on the target, which process-creation logging
# records.
wmiexec.py domain.local/eren:'pass'@ip
Windapsearch
# windapsearch queries the domain controller over LDAP (--dc-ip) using an
# authenticated bind as eren@domain.local; -p places the password in argv,
# where shell history and the process list expose it.
# Domain Admins: --da lists the members of the Domain Admins group
python3 windapsearch.py --dc-ip ip -u eren@domain.local -p pass --da
# Privileged Users: -PU also resolves nested group membership, so it reports
# accounts that hold privileged rights indirectly.
python3 windapsearch.py --dc-ip ip -u eren@domain.local -p pass -PU
# Executing BloodHound.py (a separate tool from windapsearch): -ns is the DNS
# server used for lookups (normally the domain controller), -d the domain and
# -c all selects every collection method, which produces a large volume of
# LDAP queries plus connections to domain hosts. Results are written as JSON
# files in the current directory; because of sudo they are owned by root, and
# -p exposes the password in history, the process list and the sudo log.
sudo bloodhound-python -u 'eren' -p 'pass' -ns ip -d domain.local -c all
# Creating zip of json files: *.json matches every JSON file in the current
# directory, including leftovers from earlier runs, so run this in a clean
# directory. The archive is unencrypted and holds the domain's users, groups,
# ACLs and sessions; store and transfer it as sensitive engagement data.
zip -r output.zip *.json