From the course: Advanced Pen Testing Techniques for Active Directory
Use CrackMapExec to access and enumerate AD - Active Directory Tutorial
Use CrackMapExec to access and enumerate AD
- [Instructor] Another tool we can use to enumerate and gain access to Active Directory is CrackMapExec. CrackMapExec can scan a subnet to identify access points using SSH, SMB, LDAP, WinRM and MSSQL. When running an SMB scan across a subdomain without credentials, CrackMapExec can identify which targets are able to be accessed, and identify the domain. We've already installed CrackMapExec in our Kali testing workstation. So let's run this across our local domain. CrackMapExec, (keyboard typing) and we'll use its SMB capability, 192.168.1.0/24 across the whole subnet. Running this returns a number of entries, including non-domain systems, domain workstations, and 192.168.1.199, which is the domain controller for cybex.com. If we have a password hash, and we haven't been able to crack it, we can use CrackMapExec to access the domain using the hash. For example, we've extracted a cap 42's password hash. So we can sign…
Contents
- Set up for testing (4m 19s)
- Extract the AD hashes (4m 29s)
- Password spraying Active Directory (2m 30s)
- Kerberos brute-forcing attacks (2m 56s)
- Use CrackMapExec to access and enumerate AD (2m 41s)
- Investigate the SYSVOL share (2m 51s)
- Take advantage of legacy data (1m 56s)