Windows Active Directory Port 88 (kerberos), 389 (ldap), 636 (ldap), 3268 (ldap) SYSVOL content found If SYSVOL content found. And if GPP (Group Policy Preferences) is applied, there will be a Groups.xml file that contains credentials in Policies directory somewhere. Find it use: find . -iname "groups.xml" GPP Password Hash found Use gpp-decrypt tools to…
Pentest/CTF Take-aways(search refs to change all broken refs)
Posted on