Aug 19, 2020
Welcome to another fun tale of internal pentest pwnage! Today's tale includes these helpful informational tidbits:
My understanding is that in order for mitm6 relay attacks to
work against DCs, those DCs have to have LDAPS config'd properly.
nmap -sV -p646
name.of.domain.controller to verify this
site for the tip!)
PowerView is awesome when used
Find-InterestingDomainShareFile to find
interesting files with the
word password or sensitive or
other helpful strings.
I've also got some personal updates for you, including: