Cheat Sheet Hacking
  • 🌐Generic Ideas
    • File Transfer
    • Reverse Shell
    • Cracking Tricks
    • Tunneling and Port Forwarding
    • Reversing
    • OSINT
    • Phishing
  • 🐕‍🦺Port enumeration
    • Reconnaissance
    • 53 - DNS
    • 80,443 - Web
      • Identify php.ini file used
      • Exploitation
        • File Upload
        • XXS
    • 445 - SMB
    • 389, 636, 3268 - LDAP(S)
  • LINUX THINGS
    • Enumeration
    • Privilege Escalation
      • Writable $PATH
  • WINDOWS THINGS
    • Enumeration
    • Useful Commands
    • Active Directory Methodology
      • Commands to create AD environment
      • Attacks
        • Kerberos
          • User enumeration
          • ASREP-Roast
          • Kerberoasting
          • ASREP-Roast VS Kerberoasting
          • Golden Ticket
          • Resource Based Constrained Delegation
        • Secrets dump
        • Pass The Hash
        • Dump NTDS
        • Tickets
          • TGT
        • NTML Password Spray
        • LDAP Authentication
          • LDAP Pass-back
          • Rogue LDAP Server
        • SMB Relay (LLNMR, NTB-NS & WPAD)
        • NTLM Relay
        • Tools to exploit AD things
        • SCF Files
      • Kerberos
      • SAM & LSA secrets
      • Enumeration
        • BloodHound
        • PowerView
          • CheatSheet of Commands
        • Set DNS & DOMAIN
      • Resources
      • RunAs
      • Post Explotation
        • Persistence
        • Mimikatz
      • Common used tools
  • 🕳️Pivoting
    • Port Forwarding
    • Socks Forwarding
    • Routing
    • Web Fuzzing
    • Transfer files
    • Metasploit
      • Single Pivot
      • Double Pivot
    • Burp Suite
  • 🎛️Hardware
    • Physical attacks
  • 🌕Buffer Overflow
    • Introduction
    • Stack-Based
      • Introduction
        • Spiking
        • Fuzzing
        • Find Offset
        • Overwrite EIP
        • Find module
        • Find Badchars
        • Shellcode
  • 🐳Docker
    • Commands
    • Practical examples
  • 💡Useful things
    • Burp Suite
      • Proxy Activation
    • Linux Commands
    • Recreate multipart/form-data request
      • Python
      • HTML & netcat
    • TTY
    • Templates for reports (exams)
    • Tmux
    • Other cheat sheets
Powered by GitBook
On this page
  • Extract domain info using IPC$ Share
  • Find objects updated since a specific date
  • Show domain users
  • Show specific info of domain user
  • Show domain groups
  • Show members of a group
  • Show Password Policy
  • Show info about the Domain
  • Perform password-spray attack without locking accounts
  1. WINDOWS THINGS

Active Directory Methodology

PreviousUseful CommandsNextCommands to create AD environment

Last updated 5 months ago

Extract domain info using IPC$ Share

IPC$ Share is essential for communication between programs and remotely accessing or managing another computer.

enum4linux IP

Find objects updated since a specific date

$ChangeDate = New-Object DateTime(2022, 02, 28, 12, 00, 00)
Get-ADObject -Filter 'whenChanged -gt $ChangeDate' -includeDeletedObjects -Server za.tryhackme.com

Show domain users

net user /domain

Show specific info of domain user

net user william.torres /domain

Show domain groups

net group /domain

Show members of a group

net group "Tier 1 Admins" /domain

Show Password Policy

net accounts /domain

Show info about the Domain

Get-ADDomain -Server za.tryhackme.com

Perform password-spray attack without locking accounts

We need to search accounts with the badPwdCount attribute greater than 0, those accounts will be avoided in our password-spray attack.

Get-ADObject -Filter 'badPwdCount -gt 0' -Server za.tryhackme.com

This will only show results if one of the users in the network mistyped their password a couple of times.

What is the IPC$ Share and Why Should You Care? – DEC Solutions GroupDEC Solutions Group
Logo