coelner/hacktricks
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

88 Yaml

Browse Source
This commit is contained in:
CoolHandSquid 2021-08-15 13:17:54 -04:00 committed by GitHub
parent 3f06798973
commit c8b2886c6e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
pentesting/pentesting-kerberos-88/README.md
View File

@ -35,30 +35,29 @@ Protocol_Name: Kerberos #Protocol Abbreviation if there is one.
Port_Number: 88 #Comma separated if there is more than one.
Protocol_Description: AD Domain Authentication #Protocol Abbreviation Spelled out
Name: Notes
Description: Notes for Kerberos
Note: """
Firstly, Kerberos is an authentication protocol, not authorization. In other words, it allows to identify each user, who provides a secret password, however, it does not validates to which resources or services can this user access.
Kerberos is used in Active Directory. In this platform, Kerberos provides information about the privileges of each user, but it is responsability of each service to determine if the user has access to its resources.
Entry_1:
Name: Notes
Description: Notes for Kerberos
Note: |
Firstly, Kerberos is an authentication protocol, not authorization. In other words, it allows to identify each user, who provides a secret password, however, it does not validates to which resources or services can this user access.
Kerberos is used in Active Directory. In this platform, Kerberos provides information about the privileges of each user, but it is responsability of each service to determine if the user has access to its resources.
https://book.hacktricks.xyz/pentesting/pentesting-kerberos-88
"""
https://book.hacktricks.xyz/pentesting/pentesting-kerberos-88
Name: Pre-Creds
Description: Brute Force to get Usernames
Command: """nmap -p 88 --script=krb5-enum-users --script-args krb5-enum-users.realm="{Domain_Name}",userdb={Big_Userlist} {IP}"""
Entry_2:
Name: Pre-Creds
Description: Brute Force to get Usernames
Command: nmap -p 88 --script=krb5-enum-users --script-args krb5-enum-users.realm="{Domain_Name}",userdb={Big_Userlist} {IP}
Entry_3:
Name: With Usernames
Description: Brute Force with Usernames and Passwords
Note: consider git clonehttps://github.com/ropnop/kerbrute.git ./kerbrute -h
Name: With Usernames
Description: Brute Force with Usernames and Passwords
Note: """
consider git clonehttps://github.com/ropnop/kerbrute.git ./kerbrute -h
"""
Entry_4:
Name: With Creds
Description: Attempt to get a list of user service principal names
Command: GetUserSPNs.py -request -dc-ip {IP} active.htb/svc_tgs
Name: With Creds
Description: Attempt to get a list of user service principal names
Note: """
https://rootsecdev.medium.com/installing-impacket-on-kali-linux-2020-1d9ad69d10bb GetUserSPNs.py -request -dc-ip {IP} active.htb/svc_tgs
"""
```