: Essential for Kerberoasting or AS-REP roasting. 389/636 (LDAP/LDAPS) : To query domain objects and users.
: Targeting service accounts with SPNs (Service Principal Names) to crack their passwords offline.
If you ever feel stuck in the OSCP AD set, ask yourself three questions:
SMB is often the "gateway" in OSCP AD. Using tools like smbclient or crackmapexec , you can list shares. Look for SYSVOL, NETLOGON, or custom shares that might contain sensitive files, scripts, or—most importantly—cleartext passwords left by lazy administrators.
Oscp Ad
: Essential for Kerberoasting or AS-REP roasting. 389/636 (LDAP/LDAPS) : To query domain objects and users.
: Targeting service accounts with SPNs (Service Principal Names) to crack their passwords offline. oscp ad
If you ever feel stuck in the OSCP AD set, ask yourself three questions: : Essential for Kerberoasting or AS-REP roasting
SMB is often the "gateway" in OSCP AD. Using tools like smbclient or crackmapexec , you can list shares. Look for SYSVOL, NETLOGON, or custom shares that might contain sensitive files, scripts, or—most importantly—cleartext passwords left by lazy administrators. oscp ad