Posts for: #Active Directory

** 1. Initial Enumeration and Identification **

a. netexec User Enumeration

sudo netexec smb <dc-ip> -u 'dotpirate' -p 'l3tsh4ck!' --users

Using netexec to enumerate domain users

b. netexec Group Enumeration

sudo netexec smb <dc-ip> -u 'dotpirate' -p 'l3tsh4ck!' --groups

Using netexec to enumerate domain groups

c. netexec Logged on User Enumeration

sudo netexec smb <dc-ip> -u 'dotpirate' -p 'l3tsh4ck!' --loggedon-users

Check which users are logged on to the server at that time

d. netexec SMB Share Enumeration

sudo netexec smb 10.10.10.0/24 -u 'dotpirate' -p 'l3tsh4ck!' --shares

Check if our user has access to any shares

[Read more]

Active Directory

** 1. Initial Enumeration and Identification **

a. Wireshark

sudo -E wireshark

Choose the Ethernet interface we want to sniff on

Filter for ARP protocol

Look for NETBIOS names

Look for DNS and domain names

Look for insecure protocols such as TELNET and FTP

b. TCPdump

sudo tcpdump -i eth0 -w capture.pcap

Choose the Ethernet interface we want to sniff on (-i eth0)

Saves the output to a .pcap file

c. Net-Creds

sudo python net-creds.py -p capture.pcap

Install net-creds, then search for credentials in the .pcap file

[Read more]