Active Directory Initial Access

What do I have to do to get my first set of domain credentials?

To fully enumerate an Active Directory domain, we need either a set of domain credentials or SYSTEM access on a domain-joined computer, so that we can query the domain for its users, groups, computers, and the privileges granted to them. If no domain credentials are provided for the engagement, we have to find a way to obtain at least one set.


Initial Enumeration

Enumeration of the AD domain without credentials

LLMNR/NBT-NS/mDNS Poisoning

Poisoning the multicast name-resolution protocols to capture NetNTLM hashes

SMB Relay Attack