<aside>
⚠️
If ever any ACL prevents you from running tools (Rubeus or Mimikatz are not working) and you have Administrator privilege, enable RDP and run the tools from the RDP session; UAC restrictions, I think.
While working with Kerberos, remember to include the FQDN in the /etc/hosts file if no DNS resolution is available.
</aside>
PsExec solves the double-hop problem; evil-winrm does not.
<aside>
💡
- We have an account, now what?
- Search for the quick wins:
    - ASREPRoasting
    - Kerberoasting
    - Secretsdump
    - Pass the hash / pass the password
- No quick wins? Dig deep!
    - Enumerate (BloodHound, etc.)
    - Where does your account have access?
    - Old vulnerabilities die hard
</aside>
- LNK file attacks, phishing: force authentication
- ASREPRoasting: no pre-authentication required; crack the AS-REP ticket hash
- Kerberoasting: service SPN; crack the TGS-REP ticket hash
- New attack path: ASREPRoasting + Kerberoasting, no credentials required
- Targeted Kerberoasting: set an SPN, then perform Kerberoasting
- SPN-jacking: instead of targeted Kerberoasting, DACL abuse + constrained delegation; no password cracking
- Timeroasting
- Kerberos delegation: “impersonation”, PrivEsc
- Access Control List (ACL) abuse
- Shadow Credential attack
- Domain trust attacks: PrivEsc, persistence
- Active Directory Certificate Services (AD CS), including across domain trusts
- MSSQL database trust attacks: PrivEsc, persistence
- Bleeding-edge vulnerabilities (“CVEs”)
- Misconfigurations
- Overpass-the-Hash attack