cyberkhalid

Cron Jobs - File Permissions

Enumeration: We are going to exploit a misconfigured script to escalate our privileges to root. Let’s check the content of the crontab /etc/crontab. We will locate the...

Cron Jobs - PATH Environment Variable

Enumeration: We are going to exploit the PATH environment variable to escalate our privileges to root. Let’s check the content of the crontab /etc/crontab. As you...

LDAP Pentesting

The Lightweight Directory Access Protocol (LDAP) is a directory service protocol that runs on a layer above the TCP/IP stack. It provides a mechanism used to connect to, search, and modify In...

Kerberoasting

Kerberoasting is a technique that allows an attacker to steal the KRB_TGS ticket, which is encrypted with RC4, and brute-force the application service's hash to extract its password. Kerber...

Kerberos Pentesting

Kerberos is an authentication protocol that is used to verify the identity of a user or host. It runs on port 88/tcp by default. Enumeration: Scanning With Nmap: We can use nmap to scan ...

DCSync On Domain

A DCSync attack simulates the behavior of a Domain Controller and asks other Domain Controllers to replicate information using the Directory Replication Service Remote Protocol (MS-DRSR). Bec...

Golden Ticket

Golden Ticket is an attack that allows an attacker who has the KRBTGT account password hash to forge Kerberos ticket-granting tickets (TGTs) that will enable him to generate authentication material for an...

FTP Pentesting

File Transfer Protocol (FTP) is a standard network protocol used for the transfer of computer files between a client and server on a computer network. It runs on port 21 by default. Enumerati...

Force Authentication

Force Authentication allows an attacker to gather credential material by forcing a user to automatically provide authentication information through a mechanism that they can intercept. Exploitat...

Directory Services Restore Mode (DSRM)

All domain controllers have a hard-coded local Administrator account stored in their SAM file. This account and local database are not used or generally avai...