Red Teaming And Windows Notes

Quick Wins

This is a collection of things to check for an easy path to domain admin:

  • Bloodhound: paths from initial owned users to high value targets

  • Kerberoast & ASREPRoast

  • Credential reuse between low priv and high priv accounts

  • Abusing the Printerbug (relaying the authentication)

Common CVEs that give RCE

  • CVE-2020-0688 (Exchange)

  • CVE-2020-0708 (Bluekeep)

  • CVE-2020-0144 (Eternal Blue)

  • CVE-2020-0796 (SMBGhost)

  • CVE-2020-1472 (Zerologon)

  • CVE-2021-42287/CVE-2021-42278 (Sam-The-Admin/Nopac)


Last updated 2 years ago