all InfoSec news
Attacktive Directory — TryHackMe Write-Up
System Weakness - Medium systemweakness.com
Attacktive Directory — TryHackMe Write-Up
Reconnaissance
Let’s start with the nmap scan.
nmap outputnmap outputWe can see AD is running with the domain name THM-AD and DC name spookysec.local. Let’s use Kerbrute to brute force and enumerate valid AD accounts through Kerberos Pre-Authentication.
Before starting Kerbrute, first add the domain name to /etc/hosts file.
Kerbrute
Kerbrute syntaxLet’s start with enumerating usernames:
~/Downloads/kerbrute_linux_amd64 userenum -d spookysec.local --dc spookysec.local userlist.txt -o kerb_users.txt
- userenum is the command to enumerate …
accounts active directory authentication brute can cybersecurity directory domain domain name downloads etc file hosts kerberos kerbrute local name nmap penetration testing running scan start thm tryhackme tryhackme-walkthrough usernames valid write-up