Enumerate usernames on a domain with no permissions

RidRelay is a Python script to enumerate usernames on a domain where you have no permissions at all. It is a quick and easy way to get domain usernames while on an internal network. RidRelay combines the SMB Relay attack, common lsarpc-based queries and RID cycling to get a list of domain usernames. It …

Retrieve domain password hashes with Mimikatz

Mimikatz is a Windows security tool that can be used to extract passwords from Windows workstations and Windows Servers. One way of doing this manually is extracting the information from the NTDS.DIT file, which is the Active Directory database. This can be tricky to extract, as it is currently open and generally inaccessible whilst the server is running. This …