Linux Active directory

Linikatz

Mimikatz for UNIX

Tool:

root@srv:/dev/shm# ./linikatz.sh
 _ _       _ _         _
| (_)_ __ (_) | ____ _| |_ ____
| | | '_ \| | |/ / _` | __|_  /
| | | | | | |   < (_| | |_ / /
|_|_|_| |_|_|_|\_\__,_|\__/___|

<SNIF>

SSSD Cached Credentials

Tool:

#Find cached credentials
root@srv:/dev/shm$ find / -name *.ldb 2>/dev/null

#Cracking cached credentials
root@srv:/dev/shm$ hashcat -m 1800 cached.hash /usr/share/wordlists/rockyou.txt

Keytab

If you compromise a Linux server as root user try to obtain/etc/krb5.keytab to extract NT hash computer account. Computer accounts can be used to enumerate the domain controller, run bloodhound or use it to abuse of RBCD attacks.

#Extracting Keytab Hashes with KeyTabExtract
Intrusionz3r0X@htb[/htb]$ python3 keytabextract.py /opt/specialfiles/carlos.keytab

PreviousEscape Restricted Shell NextMalware Development

Last updated 10 hours ago