Linux Active directory

Linikatz

Mimikatz for UNIX

root@srv:/dev/shm# ./linikatz.sh
 _ _       _ _         _
| (_)_ __ (_) | ____ _| |_ ____
| | | '_ \| | |/ / _` | __|_  /
| | | | | | |   < (_| | |_ / /
|_|_|_| |_|_|_|\_\__,_|\__/___|

<SNIF>

SSSD Cached Credentials

Tool: SSSD-creds

#Find cached credentials
root@srv:/dev/shm$ find / -name *.ldb 2>/dev/null

#Cracking cached credentials
root@srv:/dev/shm$ hashcat -m 1800 cached.hash /usr/share/wordlists/rockyou.txt

Keytab

If you compromise a Linux server as root user try to obtain/etc/krb5.keytab to extract NT hash computer account. Computer accounts can be used to enumerate the domain controller, run bloodhound or use it to abuse of RBCD attacks.

Tool: KeyTabExtract

#Extracting Keytab Hashes with KeyTabExtract
Intrusionz3r0X@htb[/htb]$ python3 keytabextract.py /opt/specialfiles/carlos.keytab

PreviousLinux Penetration Testing NextTools

Last updated 1 month ago