Posts

Showing posts from August, 2020

Domain Enumeration Cheatsheet

In this post, I am going to share a cheatsheet which you can use while doing domain enumeration in an Active Directory environment. Let's begin.

Always enumerate the following things first:
1. Users
2. Computers
3. Domain Administrators
4. Enterprise Administrators
5. Shares

[*] Import PowerView
https://github.com/PowerShellMafia/PowerSploit

[*] Get current domain
1. Get-NetDomain

[*] Get object of another domain
1. Get-NetDomain -Domain test.dc.com

[*] Get domain SID for the current domain
1. Get-DomainSID

[*] Get domain policy for the current domain
1. Get-DomainPolicy
2. (Get-DomainPolicy)."system access"

[*] Get Domain Controllers for the current domain
1. Get-NetDomainController

[*] Get a list of users in the current domain
1. Get-NetUser

[*] Get list of all properties for users in the current domain
1. Get-UserProperty
2. Get-UserProperty -Properties pwdlastset
3. Get-UserProperty -Properties logoncount
4. Get-UserProp

OSCP - Personal Notes

Hey guys, in this post I am just going to copy-paste my notes which I collected during my OSCP journey from different sources. Feel free to collaborate. 💀

[*] SSH - 22
Tunneling:
ssh -L 8443:127.0.0.1:8443 user@x.x.x.x
Credentials spraying:
ncrack -U users.txt -P pass.txt ssh://x.x.x.x

[*] DNS - 53
Perform a DNS zone transfer check:
dig axfr x.x.x.x
dig axfr vhost.com @x.x.x.x

[*] TCPDUMP
tcpdump -i eth0 icmp

[*] SMB
1. SMB protocol enumeration:
nmap -p445 --script smb-protocols x.x.x.x
2. Check for SMB vulnerabilities (the pattern is quoted so the shell does not expand the wildcard):
nmap --script "smb-vuln*" x.x.x.x
3. Get a list of shares available on a host:
smbclient -L x.x.x.x
4. Connect to the share:
smbclient //x.x.x.x/Share_Name
5. SMBMap for checking access on file shares:
smbmap -H x.x.x.x -u Username -p Password
or
smbmap -u '' -p '' -d 'htb.local' -H x.x.x.x
6. Download all files in shares:
smbget -R smb://x.x.x.x/Share -U Username
7. Use crackmapexec for spraying:
crackmapexec smb 10.10.10.175 -u Users.txt -p Pass.txt --co